I'm doing some web design for a friend and I noticed that everywhere else on her site images will load fine except for the subdirectory I'm working in. I looked in her .htaccess file and sure enough it is setup to deny people from stealing her images. Fair Enough, except the pages i'm working on are in her domain and yet I still get the 403 error. I'm pasting the .htaccess contents below but I replaced the domain names with xyz, 123 and abc.
So specifically the page I'm on (xyz.com/DesignGallery.asp) pulls images from (xyz.com/machform/data/form_1/files) and it results in a forbidden error.
RewriteEngine on
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTP_REFERER} !^http://xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com/machform/data/form_1/files/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://xyz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://abc.xyz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://123.xyz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com/machform/data/form_1/files/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.xyz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.abc.xyz.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.123.xyz.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]
deny from 69.49.149.17
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^ArtGraphics\.html$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^ArtGraphics\.asp$ "http\:\/\/www\.xyz\.com\/Art_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Gear\.asp$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Gear\.html$ "http\:\/\/www\.xyz\.com\/Gear_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^NewsletterSign\-Up\.html$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^NewsletterSign\-Up\.asp$ "http\:\/\/www\.xyz\.com\/Newsletter\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^KidzStuff\.html$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^KidzStuff\.asp$ "http\:\/\/www\.xyz\.com\/KidzStuff1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Vendors\.html$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^Vendors\.asp$ "http\:\/\/www\.xyz\.com\/Design_Gallery_1\.htm" [R=301,L]
I'll bet its a syntax error in one of the directives, that you may have corrected when substituting www.xyz.com.
If you have access to httpd.conf, you could set up the RewriteLog and RewriteLogLevel directives to get a sense of what's going on when you try to load the images. You should be able to identify the offending line pretty easily. (Be sure to remove those directives once you're done.)
If you don't have access to httpd.conf, you can eliminate the lines one by one until you find the offender.
(Once that's all done, you could probably simplify that .htaccess file quite a bit. Most of those rewrite conditions are redundant. Easy for tiny errors to sneak in and not get noticed)
Related
I have an Apache server running ISPConfig. On a domain example.com I am pointing its subdomains to subfolders, e.g. foo.example.com to /sub/foo. This works fine:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/example\.com/
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{HTTP_HOST} ^([^\.]+)\.example\.com$ [NC]
RewriteRule ^/(.*)$ /sub/%1/$1 [L]
Now I need to point one specific subdomain into a subfolder's subfolder (bar.example.com into /sub/bar/public to use Laravel). But for some reason, this does not work:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^bar\.example\.com/
RewriteRule ^/(.*)$ /sub/bar/public/$1 [L]
RewriteCond %{REQUEST_URI} !^/example\.com/
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{HTTP_HOST} ^([^\.]+)\.example\.com$ [NC]
RewriteRule ^/(.*)$ /sub/%1/$1 [L]
The problem was the / at the end of the domain name. If I delete it or put there $, it works.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^bar\.example\.com$
RewriteRule ^/(.*)$ /sub/bar/public/$1 [L]
RewriteCond %{REQUEST_URI} !^/example\.com/
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteCond %{HTTP_HOST} ^([^\.]+)\.example\.com$ [NC]
RewriteRule ^/(.*)$ /sub/%1/$1 [L]
I'm having a bit of difficulty with rewriting on Oracle HTTP Server for multiple domains that point to same IP address and port
Following is working
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://sub-doamin-1/psp/UACMP/SELF_SERVICE/SA/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL [R,L]
However when I try https://sub-doamin-2/analytic it redirects to the https://sub-doamin-1/psp/UACMP/SELF_SERVICE/SA/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL
Tried RewriteCond ${HTTP_HOST} method with no luck. It just redirect to / (root)
RewriteEngine On
RewriteCond ${HTTP_HOST} sub-doamin-1$ [NC]
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://sub-doamin-1/psp/UACMP/SELF_SERVICE/SA/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL [R,L]
RewriteCond ${HTTP_HOST} sub-doamin-2$ [NC]
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://sub-doamin-2/analytics
Can you please assists resolving this issue?
It should be %{HTTP_HOST} instead of ${HTTP_HOST}
So the rules should be:
RewriteCond %{HTTP_HOST} sub1.test.com$ [NC]
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://sub1.test.com/psp/UACMP/SELF_SERVICE/SA/c/NUI_FRAMEWORK.PT_LANDINGPAGE.GBL [R,L]
RewriteCond %{HTTP_HOST} sub2.test.com$ [NC]
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://sub2.test.com/analytics [L]
You can check the rules here: https://htaccess.madewithlove.be?share=6632e45c-a7bb-5099-ab0b-468ba1066277
for the urls https://sub1.test.com and https://sub2.test.com
If you write your original rules in that website you will get This test string is not supported: ${HTTP_HOST} so this can also help you next time.
I use this .htaccess file in root directory of my Laravel website on hosting, so the visitors dont see /public/ in URL address:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^my-domain.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.my-domain.com$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) /public/$1 [L]
But so far I couldnt find a simple solution to add forced HTTPS redirection. Any suggestions please?
Force domain to use https using .htaccess
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,NE]
modify your .htaccess with this code:
<IfModule mod_rewrite.c>
Options -Indexes
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L,QSA]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s(.*)/index\.php [NC]
RewriteRule ^ %1 [R=301,L]
</IfModule>
This will help you
You should try below in .htaccess
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://www.my-domain.com/$1 [R=301,L]
I'm trying to use mod_rewrite to redirect certain pages to use SSL. For that I have:
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/login(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/contact-us(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/\..*$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^dev\.example\.com$ [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} ^/login(\.php)?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/contact-us(\.php)?$ [NC]
RewriteRule ^(.+)\.php$ https://www.example.com/$1 [R=301,L]
This works fine, and does exactly what I want it to do.
Later in my .htacess I have a:
RewriteRule ^members/(.+)/change-password$ members/.change-password.php?item=$1 [NC,QSA,L]
So if a URL appears as, for example:
http://www.example.com/members/foo-bar/change-password
Internally it would be processed as:
/members/.change-password.php?item=foo-bar
Again, this works fine and is doing what I want it too.
What I now need to do is include this in my original SSL redirect logic to ensure that any change password requests are redirected to the same URL but over https instead. I've tried:
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/login(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/contact-us(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/\..*$
RewriteCond %{REQUEST_URI} !^/members/.+/change-password [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^dev\.example\.com$ [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} ^/login(\.php)?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/contact-us(\.php)?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/members/.+/change-password [NC]
RewriteRule ^(.+)\.php$ https://www.example.com/$1 [R=301,L]
But this doesn't work - I just get the page delivered over http. Changing the .+ to .* appears to put me into a permanent redirect loop.
I'm guessing this is because of the internal rewrite but no matter what I try I can't seem to resolve it.
Can anyone please advise?
Thanks,
Adam M.
A further review of the mod_rewrite documentation led me to a bit I'd missed specific to its usage in .htaccess files. Basically the [L] flag doesn't actually indicate last as per the norm. Instead you need to use the [END] flag (http://httpd.apache.org/docs/current/rewrite/flags.html#flag_l refers).
Of course that then led me to another issue - my hosting provider doesn't have an up-to-date installation of either Apache or mod_rewrite so the [END] flag triggered the ubiqitous HTTP 500 Internal Server Error.
So what to do? Well I went back to my original ruleset with the knowledge that [L] wasn't doing what I was expecting and spotted the error straight away - the %{REQUEST_URI} value had been updated by the internal rewrite:
RewriteRule ^members/(.+)/change-password$ members/.change-password.php?url-slug=$1 [NC,QSA,L]
Therefore changing my original redirection logic to exclude this resolved my issue:
RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/login(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/contact-us(\.php)?$ [NC]
RewriteCond %{REQUEST_URI} !^/\..*$
RewriteCond %{REQUEST_URI} !^/members/.+/change-password$ [NC]
RewriteCond %{REQUEST_URI} !^/members/\.change-password(\.php)? [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTP_HOST} !^dev\.example\.com$ [NC]
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} ^/login(\.php)?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/contact-us(\.php)?$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/members/.+/change-password$ [NC]
RewriteRule ^(.+)(\.php)?$ https://www.example.com/$1 [R=301,L]
how can I do this?
RewriteCond %{REQUEST_URI} !payment\.callback\.php$ [NC]
the uri must not end on payment.callback.php
EDIT:
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(secure)\.domain\.com$ [NC]
RewriteCond %{REQUEST_URI} !payment\.[^.]\.php$ [NC]
RewriteRule ^(.*)$ https://%1.domain.com/$1 [L,R=301]
RewriteCond %{HTTP_HOST} ^(demo|secure)\.domain\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/_domain\.com/_secure/ [NC]
RewriteRule ^(.*)$ /_domain.com/_secure/$1 [L]
I don't want to rewrite (http => https) urls to secure.domain.com that ends on payment\.[^.]+\.php$