I've seen this question asked/answered a few times on stackoverflow, but I can't get any of the solutions to work for me. I'm sure it's a case of my misunderstanding how mod rewrite works.
I'm trying to rewrite:
node/45/done/sid/
to
node/45/done?sid=
I'm using Drupal, so there are already a few mod rewrite entries (see belo) that might be interfering with the other solutions I've seen. For whatever solves above, where I should put this?
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule "(^|/)\." - [F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
<IfModule mod_headers.c>
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
Header set Content-Encoding gzip
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Since the normal "RewriteRule ^ index.php [L]" rule has the [L] flag, no more rules will execute after that one. So you'll need to add your rules before that one. The "RewriteRule "(^|/)." - [F]" line is a safety precaution, so I'd add your rule immediately after that. I believe if you don't add the [L] flag to your rule, it will then fall through to the default rule.
Related
I want to whitelist this file only in .well-known directory .
My htaccess file
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
my attempts
<Files .well-known/security.txt>
Allow from all
Satisfy Any
</Files>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^(public|.well-known/security.txt)
RewriteRule ^(.*)$ public/$1 [L]
Conclusion !
I just want to whitelist security.txt file only in .well-known directory
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
This condition is in error since the REQUEST_URI server variable always starts with a slash, so the expression !^public is always successful.
(From this I assume you must have another .htaccess file in the /public subdirectory, otherwise you would get a rewrite loop.)
Once you realise this then you can modify the rule in the way you had tried. For example:
RewriteCond %{REQUEST_URI} !^/(public|\.well-known/security\.txt$)
RewriteRule ^(.*)$ public/$1 [L]
HOWEVER, your other rule blocks all requests for physical files/directories that start with a dot, so the request will still be blocked (with a 403 Forbidden). This rule is also in the wrong place for other requests (it needs to be before the rewrite to the /public subdirectory).
You are better off making an exception as a separate rule at the start of the file instead. For example, try the following instead:
Options -Indexes
RewriteEngine on
# Prevent further processing for special files
RewriteRule ^\.well-known/security\.txt$ - [L]
# Block access to all dot-files
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule (^|/)\. - [F]
# Rewrite request to "/public" subdirectory
RewriteCond %{REQUEST_URI} !^/public
RewriteRule (.*) public/$1 [L]
The <IfModule> wrapper on that one rule was superfluous.
Concrete5 provides this config dump to insert an elided 'index.php/' at the beginning of all URLs:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
But why does the RewriteRule work?
Why does the replacement string go at the beginning of the URL, and
where does the extra '/' come from? E.g http://<host>/foo ==>
http://<host>/index.php/foo.
Why doesn't this rule require [QSA] to preserve query string parameters?
The rule objectively does handle both these cases correctly, but I cannot deduce from the Apache documentation why it does, and would appreciate some patient instructor reading the relevant sections of the farking manual to me.
I'm trying to write a rewrite rule in addition to wordpress's :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I would not like everything to redirect to the main page. I have multiple sub-directories which need to be redirected too : http://www.example.com/sub1 and http://www.example.com/sub2. I'm doing this so my content can be loaded via Ajax.
I thought this would simply be
RewriteRule ^/(sub1|sub2)/(.*)$ http://www.example.com/$1/ [L]
Which I placed in the block here:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/(sub1|sub2)/(.*)$ http://www.example.com/$1/ [L]
RewriteRule . /index.php [L]
</IfModule>
Perhaps with wordpress you must use wp_rewrite_rule? I figured I could mess with the .htaccess file, get my rule to work, then move it over to functions.
any help would be appreciated.
Thanks.
UPDATE:
I've also tried to set the .htacces file back to the wordpress default... and add this code to the functions.php file for my child theme:
function AJAX_rewrite_rule() {
add_rewrite_rule(
'^/(sub1|sub2)/(.*)$',
'http://www.example.com/$1',
'top' );
};
add_action( 'init', 'AJAX_rewrite_rule' );
Seems to slow the load of everything down, but all files not found are still redirected to the main page, not the subdirectory.
UPDATE #2
I think I was going the wrong direction, as add_rewrite_rule is only to add a rule to the structure already put in place by wordpress. This all works by interpreting URL's, and changing them to variables for a DB query run by index.
I'm pretty sure I need to use $wp_rewrite->non_wp_rules. If anyone has more of an idea, let me know.
Try this, you seem to have ine bad line there:
<IfModule mod_rewrite.c>
RewriteEngine On
# RewriteBase /
# RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f #Means DONT redirect if file exists.
RewriteCond %{REQUEST_FILENAME} !-d #Means DONT redirect if directory exists.
RewriteCond %{REQUEST_URI} !^/sub1/
RewriteCond %{REQUEST_URI} !^/sub2/
# RewriteRule ^/(sub1|sub2)/(.*)$ http://www.example.com/$1/ [L]
RewriteRule . /index.php [L]
</IfModule>
What happens is, every time you add a "RewriteRule" all the "RewriteCond" are applied to that rule, and then you start with a blank slate:
RewriteCond A
RewriteCond B
RewriteCond C
RewriteRule Whatever [L] #This applies A, B, and C
RewriteRule Another [L] #This applies no rules
Perhaps that will help.
Also, you may try adding your "RewriteRule ^/(sub1|sub2)/(.*)$ http://www.example.com/$1/ [L]" right after "RewriteEngine On" if that doesn't work…
We're currently using folders inside webroot to store images and videos which we're loading in views (using the usual html image helper) that require log in.
How can I prevent outside visitors from just doing a site.com/img/photos/1.jpg url and having access to the images?
From what I understand I can't really use media views to render an image inside a proper view, and I can't figure out if there's a solution through htaccess manipulation.
Which is the best practise for this?
Perhaps choosing to go with a non-webroot folder would be best (although that would make it harder in the file-storing part)?
As poncha suggested, I tried editing the main .htaccess file into this
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !localhost
RewriteCond %{REQUEST_URI} ^app/webroot/img/
RewriteRule .* / [L,F]
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
But the rewrite base line seems to be forbidding access to the whole site, and without it there seems to be no change in img access.
Edit 2:
Editing the htaccess inside webroot:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
# this RewriteCond is needed to avoid rewrite loops
RewriteCond %{REQUEST_URI} !^/app/webroot/
RewriteRule (.*) app/webroot/$1 [L,R]
RewriteCond %{HTTP_REFERER} !127.0.0.1
RewriteCond %{REQUEST_URI} ^/app/webroot/img/
RewriteRule .* - [L,F]
</IfModule>
This checks if Referer http header is set to something containing your domain, and denies access to img/ folder if not.
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !site.com
RewriteCond %{REQUEST_URI} ^img/
RewriteRule .* / [L,F]
Note: it is easy enough to "break" this protection if someone wants to steal your content, however, it does prevent hotlinking without the need to produce some sort of script that would pass thorugh all the images/videos to check if access should be granted.
EDIT:
In case your website is not in /, You have two options:
Change RewriteBase to reflect the base uri of the site (eg RewriteBase /app/webroot/)
Change RewriteCond to reflect the path from / (eg RewriteCond ^app/webroot/img/)
The second option is preferred in your case because you have other rules there
EDIT2:
In your case, the whole set should look like this:
RewriteEngine on
RewriteBase /
# this RewriteCond is needed to avoid rewrite loops
RewriteCond %{REQUEST_URI} !^/app/webroot/
RewriteRule (.*) app/webroot/$1 [L,R]
RewriteCond %{HTTP_REFERER} !localhost
RewriteCond %{REQUEST_URI} ^/app/webroot/img/
RewriteRule .* - [L,F]
I'm attempting to avoid urls like this one:
images/
or
images/valid-filename.png
or
images/invalid-filename.png
from being rewritten
and I've checked other example questions like .htaccess mod_rewrite on root directory but need it to skip all other directories and .htaccess mod_rewrite exemptions and this one https://stackoverflow.com/questions/7209746/can-mod-rewrite-skip-a-folder but I've not managed to get the rules to achieve what I'm after.
Here is what I have right now:
# Enable URL Rewriting
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(scripts|styles|images)(/.*|$) - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/robots.txt
RewriteCond %{REQUEST_URI} !=/favicon.ico
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# This solved the problem
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RewriteCond %{REQUEST_URI} !images/.* [NC]
RewriteRule ^(.*)$ index.php [L,QSA]
</IfModule>
If I navigate to www.site.com/images/, I get redirected to www.site.com
If I navigate to www.site.com/images/invalid-filename.png, I get redirected to www.site.com
but www.site.com/images/valid-filename.png loads correctly.
Could someone help to explain how to achieve the rewrite behaviour described above?
Many thanks
Try adding this RewriteCond: RewriteCond %{REQUEST_URI} !images/.* [NC]
It will check whether the URI begins with images/ and if it does, the rule will not be met.