<FilesMatch "\.html$">
How do I specify only .html files in base directory?
I want
https://www.example.com/page.html
But not https://www.example.com/directory/page.html
Since the rule is in .htaccess of the root directory, as became clear from the discussion below, try this
<FilesMatch "^\.(html|php)$">
<If "%{REQUEST_URI} =~ m#^/[^/]+\.(html|php)$#">
(your directives)
</If>
</FilesMatch>
See https://httpd.apache.org/docs/2.4/sections.html#file-and-web, https://httpd.apache.org/docs/2.4/mod/core.html#if and https://httpd.apache.org/docs/2.4/expr.html.
Related
I have created a .htaccess file and trying to have a CAS login when the user goes to a url (ie: https://www.mycompany.com/users/forms/immigration.php)
I have created a filesmatch if the page begins with either imm or imp and ends in a .php, it should prompt a CAS login. I have used the FilesMatch tag and here the following code:
<FilesMatch "^(imm|imp)\.php$">
Authtype CAS
Require valid-user
</FilesMatch>
Is there a different directive tag I should use?
You will need to include .* after initial part to allow matching immigration.php:
<FilesMatch "^(imm|imp).*\.php$">
Authtype CAS
Require valid-user
</FilesMatch>
I'm looking for a solution with htaccess to block access to files that contains the word "scheduleBackup" (case sensitive).
I tried this but it does not work :
<filesMatch "/scheduleBackup/i">
Order allow,deny
Deny from all
</FilesMatch>
Thanks in advance for your help.
I finally found the answer :
<FilesMatch "_scheduleBackup_full_">
Order allow,deny
Deny from all
</FilesMatch>
Now it works !
Try this instead:
<FilesMatch "/website\.com_scheduleBackup_full_\d{4}-\d{2}-\d{2}_.+?\.zip/">
Order allow,deny
Deny from all
</FilesMatch>
i means insensitive case.
To block access to any file with scheduleBackup (ignore case) text you can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule scheduleBackup - [F,NC]
I have the following .htaccess file on our xxx.yyy.edu site, in the root.
<FilesMatch "(.+)\.php">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
This should only match files that end in .php, and match all files that end in .php, then force authentication. That part of it appears to work fine.
However, it also matches the root url, http://xxx.yyy.edu and http://xxx.yyy.edu/. Which isn’t a good thing, since it is forcing the root of the site to be authenticated.
It does not match xxx.yyy.edu/index.htm, or any other url that has anything after the domain name, like xxx.yyy.edu/students.htm or even xxx.yyy.edu/x
I’ve tested it in www.regexr.com, and it does not match the root url there.
Any thoughts/suggestions appreciated.
You are getting authentication dialog because on your landing page default page is set to index.php.
Have this FilesMatch with negative lookahead to avoid index.php from authentication:
<FilesMatch "^(?!index\.php$).+?\.php$">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
Sounds like perhaps it is matching the newline with the "dot" (a la XRegExp). Try something like \w+:[\d\w\s\./]+\.php.
I wanted to serve .xhtml files as
application/xhtml+xml if the browser says that it accepts it.
text/html otherwise
I tried doing it with mod_rewrite but it didn't work with Options -FollowSymLinks (see Why I do I get 403 Forbidden when viewing files affected by Apache RewriteRule if I have `Options -FollowSymLinks`?).
Then, I tried
<Files "*.xhtml">
<If "%{HTTP:Accept} !~ /application\/xhtml\+xml/">
ForceType text/html
</If>
</Files>
But I get a syntax error: Failed to compile regular expression.
Meanwhile, I use this code...
<Files "*.xhtml">
<If "%{HTTP:Accept} !~ /xhtml\+xml/">
ForceType text/html
</If>
</Files>
... which works, but I want to match the correct MIME type.
You could use an escape code like \x2F instead of the /.
It looks like improving this is still under construction as of Apache 2.4. Apache team member "covener" recommends m#regexp# instead.
So your code would look like this...
<If "%{HTTP:Accept} !~ m#application/xhtml\+xml#">
I am running Apache httpd on Windows. I want to get Apache to make index.html uncacheable - but only the home index.html, no other index.html files. This is what I have so far:
<Directory "D:\path\to\root">
<FilesMatch "index.html$">
Header set Cache-Control "max-age=0, must-revalidate"
</FilesMatch>
</Directory>
It works - but works for all index.html files. How can I narrow this down to just the one index.html? Apparently I can use regex in Directory, but I this did not work:
<Directory ~ "D:\\path\\to\\root">
You can specify a path instead of just a file name inside the Files directive. So I guess the same applies to the FilesMatch directive. That way you could exclude files that carry a path from their subsirectory when being matched against the regular expression.
Note that I have not tested this, but it might be worth a try:
<Directory "D:\path\to\root">
<FilesMatch "^[^\\]*index.html$">
Header set Cache-Control "max-age=0, must-revalidate"
</FilesMatch >
</Directory>
Note that I am also not sure about which backslash (\) you have to escape and which not. This strange path notation MS-Windows uses internally really is a problem. Not only when dealing with regular expressions :-)
This works nicely:
<Location /index.html>
Header set Cache-Control "max-age=0, must-revalidate"
</Location>