ReWriteCond in .htaccess not working in IE11 - mod-rewrite

The purpose of this code is to prevent people from accessing a pdf file unless they are accessing the file from another page in https://www.example.com. If they are trying to access the PDF from another site, they are to be redirected to our commercial website https://example2.com. (It is to prevent people who don't have authorized access from downloading a PDF or from copying the URL for the PDF and sharing it with others.)
RewriteEngine On
RewriteCond %{HTTP_HOST}##%{HTTP_REFERER} !^([^#]*)##https?://\1/.*
RewriteRule ^(.*) https://example2.com/ [L,R=301]
The code above worked fine with all browsers until a recent update to IE11 and now it ignores the rewrite condition and always redirects to https://example2.com even if you are linking from https://www.example.com. However it works as it should in Chrome and Edge.
I tried changing the rewrite to what I have below as I am fine hardcoding the URL, but got the same results:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https://www.example.com/.*
RewriteRule ^(.*) https://example.com/ [L,R=301]
How do I get this needed functionality to work in IE?

Maybe IE has an old and wrong rewrite rule cached. You could clear cache in IE and try again.
Besides, you could test your rewrite rules in this site. I test with your first code and it says:
This test string is not supported: %{HTTP_HOST}##%{HTTP_REFERER}
I test with your second code and it works. So I think you could clear IE cache and try again with the second code.
For more information, you could refer to this similar thread.

Related

.htaccess image to web page redirect of sorts

I think this can be done, though not sure, so I came here to find out from you experts. I researched extensively, but always get the opposite of what I want to do. I was wondering if someone types in the image file URL (on server side) into an address bar if that could be directed to its corresponding web page.
For example:
One types in yourdomain.com/wp-content/uploads/image-name.jpg and it's directed to yourdomain.com/print/image-name (w/o .jpg)
So instead of one just seeing the image in a window, they will see the image, it's information and how to purchase it on my brand web site.
If that is not possible or the file name doesn't match, can directly typed server side image file URLs redirect to my website galleries or home page? And where in .htaccess would this code be located? Above begin wordpress or not?
If above Begin WP, will that interfere with this code that already exists? If so how would I exactly write it?
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.sitename.com/$1 [R,L]
Thanks in advance!
EDIT: To clarify, my site being down has nothing to do with the help I received here. I upgraded my web host account and there was a glitch when they migrated it.
Insert this rule just below RewriteEngine On line:
RewriteCond %{THE_REQUEST} /wp-content/uploads/(.+?)\.jpg [NC]
RewriteRule ^ /print/%1? [L,R=302,NE]

IsapiRewrite rules generate strange pages/folders?

i'm using IsapiRewrite from helicontech for my custom classic ASP shopping cart.
My actual httpd.ini file is:
[ISAPI_Rewrite]
RewriteBase /
RewriteCond %HTTPS off
RewriteCond Host: (?!^www.domain.com)(.+)
RewriteRule /(.*) http\://www.domain.com/$2 [I,RP]
RewriteRule /httpd(?:\.ini|\.parse\.errors).* / [I,O]
RewriteRule /(.+)-([^-]*)-([^-]*)-([^-]*)\.html$ /detail.asp?brand=$1&model=$2&id=$3&lg=$4 [L]
So i'm actually using this component only to rewrite the product detail page in a nice way.
Lately looking in google cache i find some folders with files inside cached by googleBot that doesn't exist on my server eg: domain.com/carrera-CHAMPION ... and so on.
The page drawn if i access these strange pages is the detail.asp page but without css and some js loaded.
I tested recently the site with Acunetix scanner and seems like he found too these strange folders.
First i added a javascript check to se if Jquery not loaded then that means the page is one of these so i throw an alert and redirect user to homepage ..
Do you know what could be ? or how i could solve this via a rule in httpd.ini?
Hope i make myself clear if no feel free to ask me details,
thank you
Can you confirm that when you disable ISAPI_Rewrite these strange pages/folders disappear?
Please note that ISAPI_Rewrite only rewrites response headers and can't generate anything, so it's highly unlikely to be the cause of the issue.
BTW, your config is the mixture of ISAPI_Rewrite 2 and 3 syntax. If it's v2, please fix it like this:
[ISAPI_Rewrite]
RewriteCond %HTTPS off
RewriteCond Host: (?!www.domain.com).+
RewriteRule /(.*) http\://www.domain.com/$1 [I,RP]
RewriteRule /httpd(?:\.ini|\.parse\.errors).* / [I,O]
RewriteRule /(.+)-([^-]*)-([^-]*)-([^-]*)\.html$ /detail.asp\?brand=$1&model=$2&id=$3&lg=$4 [L]

Apache2 redirect all but some pages back to http using vhosts

I am using rewrite rules with Apache 2 to redirect certain types of pages to HTTPS using vhosts. These are anything that starts with mydomain.com/users. In other words, all pages having to do with users and their information should be on HTTPS. I want to redirect all other pages to HTTP.
What happens now is that when a user goes to a /users page, he is redirected fine to HTTPS. But when he navigates away from the /users area, I can't get the redirect back to HTTP.
I need the rules and conditions to rewrite anything that is NOT /users/* to HTTP. In other words, please help me fill in the blanks:
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} __blank__
RewriteRule __blank__ http://mydomain.com%{REQUEST_URI} [R=301,L]
In researching this, there are a few things I am trying to avoid. I need a wildcard under /users because I am developing the app and often add pages under users (it's a Rails app).
I understand that it is not easy to do a NOT match with regular expressions. All I am trying to do here is have the bulk of the site run on HTTP except the /users/* pages on HTTPS.
Also, yes I have a valid cert and yes I have verified that the Apache2 rewrite mod works. I can get all URLs rewritten to HTTP no problem. How do I NOT rewrite ones that start with /users in the REQUEST_URI? I think I have actually tried about every answer on this site so far...
There quite a few answers for this sort of questions, -- you just need to search this site a bit. Yes, they do not answer your question 100% straight away (as everyone has slightly different requirements -- like different page name etc) but the whole approach is the same.
In any case -- here how it can be done:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
# don't do anything for images/css/js (leave protocol as is)
RewriteRule \.(gif|jpe?g|png|css|js)$ - [NC,L]
# force https for /users/*
RewriteCond %{HTTPS} =off
RewriteRule ^/users/ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# force http for all other URLs
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/users/
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# your other rewrite rules below
These rules need to be placed inside VirtualHost directive BEFORE any other rewrite rules (if such present). If placed elsewhere some small tweaking may be required.
They will
force HTTPS for all resources in /users/,
do nothing for images, css styles and JavaScript files (to be precise, for files with those extensions)
and will force HTTP for all other URLs
IMPORTANT NOTE: It is very likely that these rule will not work for you straight away. That is because modern browser do CACHE 301 redirects from your previous attempts. Therefore I recommend testing it on another browser and change 301 to 302 during testing (302 is not cached) .. or clear all browser caches (maybe even history) and restart browser.

How to redirect url to another

OK...
I have setup things so that when the following page is requested (browser users and servers)
http://www.visualise.ca/?_escaped_fragment_=corona
the website returns the following the content of this (HTML snapshot)
http://www.visualise.ca/corona
Where 'corona' always change, it varies depending on the page the users or servers are requesting. It could also be
http://www.visualise.ca/?_escaped_fragment_=anne-au-cherry
redirecting to
http://www.visualise.ca/anne-au-cherry
Thanks
UPDATE: OK let me be more clear. I use AJAX to load my Wordpress post and they appear like this http://www.visualise.ca/#!/corona when loaded. But it's not crawlable by Google that request to serv them as http://www.visualise.ca/?_escaped_fragment_=corona so I modified Wordpress to do so. Now Google can crawl my page and index its content and accessing the HTML snapshot available at http://www.visualise.ca/corona.
The problem is that when I paste the http://www.visualise.ca/#!/corona link to facebook it seems to read the http://www.visualise.ca/?_escaped_fragment_=corona and is unable to read the content. But when I paste directly the http://www.visualise.ca/?_escaped_fragment_=corona link it works, it reads http://www.visualise.ca/corona (The HTML).
So I thought maybe if I could redirect http://www.visualise.ca/?_escaped_fragment_=corona to http://www.visualise.ca/corona it would solve my problem.
Here is the existing .htaccess file
#--- DH-PHP handlers ---
AddHandler fastcgi-script fcg fcgi fpl
AddHandler php-fastcgi .php
Action php-fastcgi /cgi-bin/dispatch.fcgi
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The common mistake that a lot of people do is trying to match whole URL including query string. The reality is: when matching URL, the pattern get applied to path part of it and query string has to be matched separately.
Use this rule: it will issue 301 Permanent Redirect from this kind of URL /?_escaped_fragment_=corona to /corona (where corona can be anything).
RewriteCond %{QUERY_STRING} ^_escaped_fragment_=([^&]*)
RewriteRule .* http://%{HTTP_HOST}/%1? [R=301,L]
I guess your question is really "how do I do this kind of redirection?". So the answer is here:
There are three ways that I could think of, each with slight differences.
Doing the redirection server side
This basically means you set redirect headers in your response. In php, you could do this using the header function. It can also do a delayed redirect, in which case you need to worry about the contents of the page.
Doing it using client side using html's "http-equiv" meta tags. This way the page always gets loaded. Example here.
doing it via javascript. Thats you basic document.location.href thing. You need to figure out a way to pass the argument to javascript, or have your JS read it from the address url itself.
Since I've shown you 3 ways of doing this, I really hope that's what you're looking for :P
Update after seeing the comments:
The above methods will cause the URL to change. If you don't want the URL to change, but show the contents of that other page on your original page, you caould either do that using iframes (baaaad), or do the decent thing and set up URL rewriting.
:)
RewriteEngine on
RewriteRule \?_escaped_fragment_=(.*?) /$1 [L,R=301]
is it what are you looking for?

How to deal with "#" in a query string in mod_rewrite?

I asked this question about rewriting old "ugly" links into seo friendly ones.
I need to "extract" some information after the "sharp" symbol in some urls. I've created a regular expression to it but it can't seen to work.
After my question, I created this logic for this url for example, script.php?mode=full&id=23:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /script\.php\?mode=full&id=([0-9]+)\ HTTP/
RewriteRule ^script\.php$ fix_old_urls.php?phpfile=script2&id=%1 [NC,L]
But I'm working in a legacy application, and I need to extract the value after the sharp symbol in some pages, in the example url script.php?mode=full#23:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /script\.php\?mode=list\#([0-9]+)\ HTTP/
RewriteRule ^script\.php$ fix_old_urls.php?phpfile=script&id=%1 [NC,L]
(in fix_old_urls I properly redirect with a 301 code).
The first one works, but not the second. To me it looks like it`s the same logic in both. What am I'm doing wrong?
Anchor information (the part starting with the #) is never actually sent to the server. It's handled completely by the browser, and thus you can't touch it with mod_rewrite (nor can you access it via server-side scripting languages). The only things that can see it are the browser and client-side scripts (like Javascript).

Resources