I want to redirect all invalid traffic to my index page.
Invalid traffic in this context means:
-Case 1. Nonexistent directories
-Case 2. Nonexistent files
-Case 3. Existing route but only directory: Like in example "validroute/images" or "validroute/images/"
Actually my working code is
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [R,L,QSA]
Options -Indexes
For cases 1 and 2 the conditions and the RewriteRule are redirecting correctly to my index.php
For the third case Im using the "Options -indexes" which avoids user to browse my directory and displays the forbidden error. I want to redirect this last case also to the index.php instead.
The nearest approach i got based on redirect 403 error using .htaccess was this
ErrorDocument 403 /index.php
Instead of redirecting ALL forbidden (403) when trying to display a valid "folder" (and ONLY in this case) i seek to redirect to index.
By setting the same redirects i expect the user not to be able to see my directories even if he tries to manually input different routes to see if the directory exists or not. Actually he has the hint because some are "forbidden" and others redirects to index.
This is NOT a duplicate of these because given answers didn't fit me or the issues are not what I intend:
.htaccess redirect - Options -Indexes
.htaccess option -indexes redirect?
.htaccess to redirect everything to index.php, but keep a copy of the website in a subdirectory
Maybe is not possible at all or maybe there is another command or maybe a proper regex combined to RewriteRule to fix the selection.
There is a layer above for the server at which i am not able to access or to see in any way, but as i was handling other kind of permissions (folder accesses by password) i noticed that this had its own way of working without allowing developer to modify this.
So i guess there is no way to override such from a higher lvl .htaccess without direct access to server.
I was using Plesk Obsidian.
So if you dont have full control on the server your configurations might generate some conflicts.
Related
ok, so I have inherited the responsibility of fixing some issues with a current OpenCart system that is running version 3.0.2.0 with SEO URLs. Now I have worked with OpenCart since version 1 and I have tried all the common solutions and checked all the common issues around information pages and their failure to load.
DEV OPENCART SITE
There are several information pages already and they work about, as seen on and contact. However, the information page for forms results in a page not found error.
So I went into the admin area went to the information page and checked to make sure that it was on, the SEO keyword setting was correct and then made sure it had content. I even took the step of creating another information page and it too ended in the same result.
I checked the htaccess file that is fine its contents are here below
Options +FollowSymlinks
# Prevent directory listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "(?i)((\.tpl|.twig|\.ini|\.log|(?<!robots)\.txt))">
Require all denied
## For apache 2.2 and older, replace "Require all denied" with these two lines :
# Order deny,allow
# Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
I have also confirmed that mod_rewrite is actually installed and set up on the hosting account, even though the others worked as a Programmer I wanted to be extra sure!
I have cleared the cache and even restarted the instance to make sure nothing was being held on too since I didn't know how long it had been running. Mostly because they started development last year and already been through several developers.
I then dug through all of the OpenCart logs that yielded no handy information at all about the situation. So I turned to the actual PHP logs and found the oddest error, as you can see from below it is referencing the forms SEO URL at the end of the error.
AH01276: Cannot serve directory /var/www/vhosts/statesupplyprops.com/test2.statesupplyprops.com/image/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive, referer: http://test2.statesupplyprops.com/forms
I'm making a JavaScript web app running on an Apache 2 server. I'm wondering if it's possible (either with mod_rewrite or some other mod) to make any path you type load the index.html from the root path, but keeping the URL?
For example: "example.com/blah/blegh" will load "example.com/index.html", but the address bar will still have "example.com/blah/blegh". Same if you tried typing "example.com/everything/is/index" would still load "example.com/index.html" and have "example.com/everything/is/index" in the address bar.
A simple answer about any mods I would need to use and which commands might be best would suffice. Though a code example would be very useful since I'm new to regex's and Apache rewriting.
Thank you for your time :)
Note: I'm doing this since I'm using History.js to parse URLs/titles into the address bar and tab titles while navigating (a one-page dynamic site). I'd like to be able to just load up the root index.html with the user's initial URL request and respond to users' actions that way much like a REST server.
Actually, you want to rewrite without redirecting. This requires enabling mod_proxy and mod_rewrite in Apache's httpd.conf.
Then, the rewrite should look like this:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.html [NC,L,QSA]
Reference:
What exactly does the Multiviews options in .htaccess?
htaccess rewrite without redirect
Apache: RewriteRule Flags
I have a site with some pages like that:
example.com/dogs-foo1.php
example.com/dogs-foo2.php
example.com/dogs-foo3.php
And then
example.com/cats-foo1.php
example.com/cats-foo2.php
example.com/cats-foo3.php
Now I have simplified the site with tab menus and I only have
example.com/dogs.php
example.com/cats.php
Now I want the people who try to go to: example.com/cats-foo1.php
be redirected to: example.com/cats.php
instead of getting a 404
Is there anyway, maybe with htaccess?
This probably is what you are looking for:
RewriteEngine on
RewriteRule ^/?cats-.+.php$ /cats.php [R=301]
For this to work you will need to enable the rewriting module into your http server. You should place it in the http servers host configuration. If you decide to use a dynamic configuration files instead (.htaccess) you need to enable their interpretation first (see the AllowOverride directive in the official documentation).
I would recommend however to go a step further and use URLs along the pattern https://example.com/cats, so without the trailing .php as is the standard these days. You need some additional internal rewrite rule for that:
RewriteEngine on
# external redirect from /cats-foo.php to /cats
RewriteRule ^/?cats-.+\.php$ /cats [R=301]
RewriteRule ^/?cats\.php$ /cats [R=301]
# internal rewrite
RewriteRule ^/?cat$ /cats.php [END]
This again can be generalized:
RewriteEngine on
# external redirect from /cats-foo.php to /cats
RewriteRule ^/?(\w+])-.+.php$ /$1 [R=301]
# internal rewrite
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?(\w+])$ /$1.php [END]
If you experience a http status 500 with that rule in place chances are you operate a very old version of the apache http server. You will find entries in your http servers error log files complaining about the END flag. In that case replace it with the L flag and try again.
You probably will have to adjust those line, we don't know your specific situation. But the above should get you started along with reading the documentation of the tools you use, which you can start here: http://httpd.apache.org/docs/current/mod/mod_rewrite.html
And a general hint: you should always prefer to place such rules inside the http servers (virtual) host configuration instead of using dynamic configuration files (.htaccess style files). Those files are notoriously error prone, hard to debug and they really slow down the server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).
I moved all the files/folders in the root to a folder v1.0 and used the following:
RewriteCond $1 !^v1.0/
RewriteRule ^/?(.*) v1.0/$1 [L]
This works and the site now accesses files inside v1.0. The problem is when directly accessing the folders.
This: http://example.com/includes (includes exists)
forwards the url to
http://example.com/v1.0/includes and shows this error:
Forbidden
You don't have permission to access /v1.0/includes/ on this server.
How can the folder structure not be exposed, both in the URL and in the error message?
Since you tagged .htaccess, I assume that you have your rule in your .htaccess. In this context, the first argument of RewriteRule will match against an url that will guaranteed NOT begin with a slash, as that is part of the common prefix.
I think the easiest solution is to add custom error pages for forbidden and not found errors. See the ErrorDocument directive for more information.
ErrorDocument 403 /v1.0/errordocuments/403.php
ErrorDocument 404 /v1.0/errordocuments/404.php
Then make those pages with the relevant information you want to show.
I'm trying to make URL's look better by using a RewriteRule in .htaccess, but it doesn't work.
This is the case. I have a root folder in which there is a PHP-file called pdf.php. The script in that file sends a PDF-file to the user, which name is given as a variable in the URL. The PDF-files are in a folder called pdf, placed in the root. That folder is protected so that it's only possible to get a PDF-file by using the script. All that for security reasons.
You can download the PDF-files when you go to http://example.com/pdf.php?file=pdf/File.pdf for instance, where pdf/File.pdf is the path to the PDF-file. That's working fine. I want it to work when you simply go to http://example.com/pdf/File.pdf, so that URL has to be rewritten to the one mentioned before.
I tried to make a RewriteRule using a generator, but it doesn't work.
The following rules are in the .htaccess-file in the folder pdf. Placing it in the root didn't work either.
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^pdf/([^/]*)$ /pdf.php?file=pdf/$1
The protection of the folder pdf is as follows.
ErrorDocument 403 http://example.com/
Order deny,allow
Deny from all
Try this code in root .htaccess:
Options +FollowSymLinks -MultiViews
RewriteEngine On
# to convert spaces to hyphens
RewriteRule "^(pdf)/(\S*) +(.*)$" /$1/$2-$3 [L,NE,R=302]
RewriteRule ^(pdf/.+)$ /pdf.php?file=$1 [L,QSA,B,NC]