How to prevent hotlinking static files? - jetty

I want to prevent hotlinking on my static files on a Jetty 9.3.6 server, that is to only allow my domain, my subdomains, and directly access (none referer header, such as open it directly with the url on a web browser) to view them.
The only thing I've found so far is HeaderPatternRule of the Rewrite pluggin but seems like it can only rewrite the header.
Do you know how? Understanding I can have something in front of the Jetty server to do the work for it.
Update: Something like this on Apache Httpd
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?yourwebdomain.com(/)?.*$ [NC]

Add a Filter to your static deployment protecting your preferred paths from hot linking.
See prior answer with example filter: https://stackoverflow.com/a/4051622/775715

Related

Redirect all urls to new domain but some specific urls

Good morning at all. I have a WordPress website and I want to redirect all urls to new domain but:
http://domain.it/?page_id=3668
http://domain.it/?team={name}-{surname}
I wrote this code in the htaccess file
#RewriteCond %{QUERY_STRING} !^team=([a-z-]+)$
#RewriteCond %{QUERY_STRING} !^page_id=3668$
#RewriteRule ^(.*)$ https://newdomain.it/ [L,R=301]
but it does not work correctly. In the Network tab of the Firefox developer tools, I see that there are some resources that are loaded from newdomain.it (for example css and images).
What I'm doing wrong?
This probably is what you are looking for:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^old\.example\.com$
RewriteCond %{QUERY_STRING} ^page_id=3668$ [OR]
RewriteCond %{QUERY_STRING} ^team=\w+-\w+$
RewriteRule ^ - [END]
RewriteRule ^/?(.*)$ https://new.example.com/$1 [R=301]
Is allows the two domains being served by the same http server, but that is not a requirement. If you operate two separate http servers then these rules belong into the one serving the old domain, obviously.
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Apache redirect keeping URL

I'm making a JavaScript web app running on an Apache 2 server. I'm wondering if it's possible (either with mod_rewrite or some other mod) to make any path you type load the index.html from the root path, but keeping the URL?
For example: "example.com/blah/blegh" will load "example.com/index.html", but the address bar will still have "example.com/blah/blegh". Same if you tried typing "example.com/everything/is/index" would still load "example.com/index.html" and have "example.com/everything/is/index" in the address bar.
A simple answer about any mods I would need to use and which commands might be best would suffice. Though a code example would be very useful since I'm new to regex's and Apache rewriting.
Thank you for your time :)
Note: I'm doing this since I'm using History.js to parse URLs/titles into the address bar and tab titles while navigating (a one-page dynamic site). I'd like to be able to just load up the root index.html with the user's initial URL request and respond to users' actions that way much like a REST server.
Actually, you want to rewrite without redirecting. This requires enabling mod_proxy and mod_rewrite in Apache's httpd.conf.
Then, the rewrite should look like this:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.html [NC,L,QSA]
Reference:
What exactly does the Multiviews options in .htaccess?
htaccess rewrite without redirect
Apache: RewriteRule Flags

I want to redirect example.com/chapter-foo.php to example.com/chapter.php

I have a site with some pages like that:
example.com/dogs-foo1.php
example.com/dogs-foo2.php
example.com/dogs-foo3.php
And then
example.com/cats-foo1.php
example.com/cats-foo2.php
example.com/cats-foo3.php
Now I have simplified the site with tab menus and I only have
example.com/dogs.php
example.com/cats.php
Now I want the people who try to go to: example.com/cats-foo1.php
be redirected to: example.com/cats.php
instead of getting a 404
Is there anyway, maybe with htaccess?
This probably is what you are looking for:
RewriteEngine on
RewriteRule ^/?cats-.+.php$ /cats.php [R=301]
For this to work you will need to enable the rewriting module into your http server. You should place it in the http servers host configuration. If you decide to use a dynamic configuration files instead (.htaccess) you need to enable their interpretation first (see the AllowOverride directive in the official documentation).
I would recommend however to go a step further and use URLs along the pattern https://example.com/cats, so without the trailing .php as is the standard these days. You need some additional internal rewrite rule for that:
RewriteEngine on
# external redirect from /cats-foo.php to /cats
RewriteRule ^/?cats-.+\.php$ /cats [R=301]
RewriteRule ^/?cats\.php$ /cats [R=301]
# internal rewrite
RewriteRule ^/?cat$ /cats.php [END]
This again can be generalized:
RewriteEngine on
# external redirect from /cats-foo.php to /cats
RewriteRule ^/?(\w+])-.+.php$ /$1 [R=301]
# internal rewrite
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?(\w+])$ /$1.php [END]
If you experience a http status 500 with that rule in place chances are you operate a very old version of the apache http server. You will find entries in your http servers error log files complaining about the END flag. In that case replace it with the L flag and try again.
You probably will have to adjust those line, we don't know your specific situation. But the above should get you started along with reading the documentation of the tools you use, which you can start here: http://httpd.apache.org/docs/current/mod/mod_rewrite.html
And a general hint: you should always prefer to place such rules inside the http servers (virtual) host configuration instead of using dynamic configuration files (.htaccess style files). Those files are notoriously error prone, hard to debug and they really slow down the server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).

URL Mask/Cloak with redirect

Am trying to do the following. My website is hosted on
www.sitehost.com/uk
But I own this domain.
www.mainsite.co.uk
Is it possible to redirect the user hitting www.mainsite.co.uk to www.sitehost.com/uk but retain the www.mainsite.co.uk?
I tried doing .htaccess redirect and it worked but it changed the URLs from www.mainsite.co.uk to www.sitehost.com/uk
Ideally it would work like so...
www.sitehost.com/uk/post/20
can be accessed via
www.mainsite.co.uk/post/20
I tried mod_proxy but it didn't seem to work all the way. Anyone know how to do this? Is this even possible with Apache?
This is possible if mod_proxy is enabled in your Apache config.
Once mod_proxy and mod_rewrite are enabled place this rule in your DocumentRoot/.htaccess file of sitehost host:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?sitehost\.com$ [NC]
RewriteRule ^ http://www.mainsite.co.uk%{REQUEST_URI} [L,P]
P flag is used for proxying the request to external URL.

.htaccess forward local to remote on 404

I do all of my development locally on sites that use a CMS. We have a directory that is used to store user-uploaded content, such as images (/assets/). The problem is, when developing locally, I don't want all of the uploaded files from the production site on my machine, so I leave this directory empty, and all of the HTTP requests for files in the /assets/ directory get 404'ed.
What would be great is if I could have a rewrite rule in my .htaccess that detects the 404, and forwards to the external URL of the production site to load the asset from there. The logic would be:
Request localhost/somesite/assets/foo.jpg
200 response ? send the local file /somesite/assets/foo.jpg
404 ? forward to http://www.productionsite.com/assets/foo.jpg
Is this possible?
Have your .htaccess rules like this:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(assets/.*)$ http://www.productionsite.com/$1 [R,L,NC]
This will make sure that any request matching /assets/ and doesn't already exist on your local webserver will be externally redirected to http://www.productionsite.com/assets/...
btw you should really improve your acceptance rate otherwise you may not many answers here.
Is /assets always on another site, or only if the files are not available locally?
The reason I ask is that it may be simpler to always redirect just /assets to the live with the following (untested) rules in httpd.conf/.htaccess on your development server:
Options +FollowSymLinks
RewriteEngine on
RewriteCond $1 ^(assets) [NC]
RewriteRule ^(.*)$ http://www.livesite.com/$1 [L]