I am using RegEx in my .htaccess file to determine what URIs get sent to my router file. I have a problem though because one page that I need to route contains a string that I'm filtering out, causing that URI not to be sent to the router. I don't want the URIs with "adm" in them to be sent to the router, but this also means that it filters out URIs with strings like "admonish" or "administrate".
.htaccess:
<IfModule mod_rewrite.c>
Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule !(^adm|^ajax|^google([a-z0-9])|^tools|^swf|^confirm|^style) index.php [nc]
I've tried things like RewriteRule !(^adm(![in])|^ajax|^google([a-z0-9])|^tools|^swf|^confirm|^style) index.php [nc] and RewriteRule !(^adm(!in)|^ajax|^google([a-z0-9])|^tools|^swf|^confirm|^style) index.php [nc], but with no success.
What is the correct way to match a portion of a word if it is not followed by characters other than "/"?
EDIT - This is the current Rewrite as suggested:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule !(^(?i)\badm(?=[a-z])|^ajax|^google([a-z0-9])|^tools|^swf|^confirm|^style) index.php [nc]
Still no luck with this, though.
UPDATE - Full .htaccess file:
DirectoryIndex index.php
<IfModule mod_rewrite.c>
Options +FollowSymlinks
# Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
RewriteCond %{REQUEST_URI} !/(adm|ajax|google([a-z0-9])|tools|swf|confirm|style) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
# Rewrite requests for sitemap.xml
RewriteRule sitemap.xml$ sitemap.php?target=google [L]
# Rewrite requests for urllist.txt
RewriteRule urllist.txt$ sitemap.php?target=yahoo [L]
Options -MultiViews
# ----------------------------------------------------------------------
# Custom 404 page
# ----------------------------------------------------------------------
# You can add custom pages to handle 500 or 403 pretty easily, if you like.
# If you are hosting your site in subdirectory, adjust this accordingly
# e.g. ErrorDocument 404 /subdir/404.html
ErrorDocument 400 /error.php?e=400
ErrorDocument 401 /error.php?e=401
ErrorDocument 403 /error.php?e=403
ErrorDocument 404 /error.php?e=404
ErrorDocument 500 /error.php?e=500
# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------
# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------
# To avoid displaying the exact version number of Apache being used, add the
# following to httpd.conf (it will not work in .htaccess):
# ServerTokens Prod
# "-Indexes" will have Apache block users from browsing folders without a
# default document Usually you should leave this activated, because you
# shouldn't allow everybody to surf through every folder on your server (which
# includes rather private places like CMS system folders).
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
# Block access to "hidden" directories or files whose names begin with a
# period. This includes directories used by version control systems such as
# Subversion or Git.
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
# Block access to backup and source files. These files may be left by some
# text/html editors and pose a great security danger, when anyone can access
# them.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Increase cookie security
<IfModule php5_module>
php_value session.cookie_httponly true
php_value error_log /logs/php_errors.log
</IfModule>
# prevent access to PHP error log
<Files php_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
EDIT AGAIN:
I have also tried:
RewriteCond %{REQUEST_URI} !((adm[^/]+)/|ajax|google([a-z0-9])|tools|swf|confirm|style) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L,NC]
RewriteCond %{REQUEST_URI} !/((.*)/adm/(.*)|ajax|google([a-z0-9])|tools|swf|confirm|style) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L,NC]
Negative Lookahead
If I'm understanding correctly, the basic pattern you're looking for (with possible refinements) is:
adm(?![a-z])
(?![a-z]) is a lookahead that ensures that the following character is not a letter.
In mod-rewrite, you can make this case-insensitive with (?i)adm(?![a-z])
You can just add one more negative RewriteCond here to skip /adm/ URI from this rewrite:
RewriteCond %{REQUEST_URI} !/(adm|ajax|google([a-z0-9])|tools|swf|confirm|style) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule !adm index.php [L,NC]
How about doing the opposite?
If it contains "/adm/" (including "slash") then stop
Otherwise redirect all to index.php
Like that:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*)/adm/(.*) - [QSA,L]
RewriteRule (.*) index.php [QSA,L]
Related
I have a code here that rewrite URLs, denies filenames that has extension, and allows specific files.
RewriteEngine On
# XAMPP /Brian
# Trailing Slash
RewriteCond %{REQUEST_URI} !/Brian/$
RewriteCond %{REQUEST_URI} !\.[^/]*$
RewriteRule !/$ %{REQUEST_URI}/ [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
# XAMPP /Brian
#Exclude from redirect
RewriteCond %{REQUEST_URI} !^/Brian/index.php$
RewriteCond %{REQUEST_URI} !^/Brian/pass.txt$
RewriteCond %{REQUEST_URI} !^/Brian/dist/.*\.(css|js)$
RewriteRule .* index.php
<FilesMatch "[^/]*(?!.*\/)\..*$">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
<FilesMatch "\.(php|css|js|txt)$">
Order Allow,Deny
Allow from all
</FilesMatch>
Examples:
http://localhost:8080/Brian/pass -> http://localhost:8080/Brian/pass/ # CORRECT, slash added
http://localhost:8080/Brian/pass.txt -> http://localhost:8080/Brian/pass.txt # CORRECT, no slash added, no error 403
http://localhost:8080/Brian/pass.txts -> http://localhost:8080/Brian/pass.txts # CORRECT, no slash added, error 403
http://localhost:8080/Brian/pass.txt/pass2-> http://localhost:8080/Brian/pass.txt/pass2/ # CORRECT, no slash added, no error 403
http://localhost:8080/Brian/pass.txt/pass2.txt -> http://localhost:8080/Brian/pass.txt/pass2.txt # CORRECT, no slash added, no error 403
My problem is this.
http://localhost:8080/Brian/pass.txts/pass2.txt -> http://localhost:8080/Brian/pass.txts/pass2.txt # NOT CORRECT, no slash added, error 403
I noticed that the FilesMatch only reads the string before the first slash which is the pass.txts and not the pass2.txt.
How can I make it read the last string after the last slash? Need help. Thanks!
Updated:
RewriteEngine On
# XAMPP /Brian
# Trailing Slash
RewriteCond %{REQUEST_URI} !/Brian/$
RewriteCond %{REQUEST_URI} !\.[^/]*$
RewriteRule !/$ %{REQUEST_URI}/ [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
# XAMPP /Brian
#Exclude from redirect
RewriteCond %{REQUEST_URI} !^/Brian/index.php$
RewriteCond %{REQUEST_URI} !^/Brian/pass.txt$
RewriteCond %{REQUEST_URI} !^/Brian/dist/.*\.(css|js)$
RewriteRule .* index.php
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^[^/.]+\.[^/.]+$ - [F]
RewriteRule !\.(php|css|js|txt)$ - [NC,F]
<FilesMatch "[^/]*(?!.*\/)\..*$">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>
Replace this block with a mod_rewrite rule as this:
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^[^/.]+\.[^/.]+$ - [F]
Then:
<FilesMatch "\.(php|css|js|txt)$">
Order Allow,Deny
Allow from all
</FilesMatch>
Replace this block with a mod_rewrite rule as this:
RewriteRule !\.(php|css|js|txt)$ - [NC,F]
This will match .txt in REQUEST_URI instead of getting it from REQUEST_FILENAME. F is for returning Forbidden or 403 to clients.
Your full .htaccess:
DirectoryIndex inddex.php
RewriteEngine On
# XAMPP /Brian
# Trailing Slash
RewriteCond %{REQUEST_URI} !/Brian/$
RewriteCond %{REQUEST_URI} !\.[^/]*$
RewriteRule !/$ %{REQUEST_URI}/ [L,R=301]
RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|::1)$
RewriteRule ^[^/.]+\.[^/.]+$ - [F]
RewriteRule !\.(php|css|js|txt)$ - [NC,F]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/Brian/(index\.php|pass\.txt|/dist/.*\.(css|js))$ [NC]
RewriteRule . index.php [L]
My Craft CMS 3 project has the following rewrite_rule in the /web .htaccess.
<IfModule mod_rewrite.c>
RewriteEngine On
# Send would-be 404 requests to Craft
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>
Trying to implement cache busting has described here however struggling to combine the existing and proposed rewrite_rules.
https://nystudio107.com/blog/simple-static-asset-versioning
This is the cache busting rule I need to add.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*?\/)*?([a-z\.\-]+)(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1$2$4 [L]
</IfModule>
Below is the code I'm now using to solve this issue. Hope it helps someone.
<ifmodule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*?\/)*?([a-z\.\-]+)(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1$2$4 [NC]
# Send would-be 404 requests to Craft
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,NC]
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Port} !=443
RewriteRule (.*) https://%{HTTP_HOST}/$1 [R=301,L]
</ifmodule>
# Example to cache images and CSS files
# adjust and extend to your needs
<ifModule mod_headers.c>
# images expire after 1 week
<filesMatch ".(gif|png|jpg|jpeg|ico|pdf|svg|js)$">
Header set Cache-Control "max-age=604800"
</filesMatch>
# CSS expires after 1 week
<filesMatch ".(css|js|woff2)$">
Header set Cache-Control "max-age=604800"
</filesMatch>
</ifModule>
The problem: the presence of an identical URL to /page/, but with some file extension, i.e., /page.xml, results in a 404 for /page/.
So for example, my HTML sitemap, example.com/sitemap will 404 if example.com/sitemap.xml is present.
The .htaccess file of my Wordpress site contains rewrite conditionals that, as expected, appends a trailing slash to pages in the form of example.com/page so they are rewritten as example.com/page/.
.htaccess as follows:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .* https://example.com%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)([^/])$ /$1$2/ [L,R=301]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# BEGIN MainWP
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-content/plugins/mainwp-child/(.*)$ /wp-content/plugins/THIS_PLUGIN_DOES_NOT_EXIST [QSA,L]
</IfModule>
# END MainWP
So after some digging, I found the solution, which was to simply disable Multiviews in my .htaccess file, like so:
Options -MultiViews
Can anyone halp me with this .htaccess file, i've been trying to make an exception so i can access my subdomain which is
form.domain.com
i tried with
RewriteCond %{REQUEST_URI} !^/form/?$
and several other commands but with no luck
.htaccess :
#######################
# N - T H I N G ! #
#######################
# Apache options
Options +FollowSymLinks -Indexes
RewriteEngine on
# Allow only GET and POST verbs
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Typical Vulnerability Scanners and others
# Kick out Script Kiddies
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Error Page
ErrorDocument 404 /404
# Redirect attachments
RewriteRule ^files/attachments/(.*)/(.*)/(.*)$ files/attachments/$1/$2/$3 [L]
# Redirect all requests to index.php
RewriteRule ^(.*)$ index.php [L,QSA]
To match a domain you should use %{HTTP_HOST} as in:
RewriteCond %{HTTP_HOST} ^form.domain.com$
RewriteRule ^.*$ - [L]
That says if the domain matches form.domain.com, allow the URL and stop processing rules.
See the Apache documentation for more details.
I usually use this htaccess file to remove index.php from my URLs in ExpressionEngine
AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm
AcceptPathInfo On
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
Options +FollowSymLinks
# Looks for files and directories that do not exist
# and provide the segments to the index.php file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^/index.php
RewriteCond $1 !.(css|js|png|jpe?g|gif|ico)$ [NC]
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
While that works great, before we move this site into production, we're directing all traffic to the given url to another via this htaccess file
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteRule ^(.*)$ http://www.anotherdomain.com/ [R=301,NC]
My own ip address is replacing the localhost call so that I can access the site.
Basically what I'm looking for is a combination of these 2 that will remove index.php from my URLs for me but still redirect everyone else.
Thanks,
Steven
Found that this works great:
RewriteEngine on
# If your IP address matches any of these - then dont re-write
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteRule ^(.*)$ http://www.anothersite.com/ [R=302,L]
# do not rewrite links to the assets and theme files
RewriteCond $1 !^(assets|themes|images)
# do not rewrite for php files in the document root, robots.txt etc
RewriteCond $1 !^([^\..]+\.php|robots\.txt|crossdomain\.xml)
# but rewrite everything else
RewriteRule ^(.*)$ index.php/$1 [L]