I have the following .htaccess file on our xxx.yyy.edu site, in the root.
<FilesMatch "(.+)\.php">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
This should only match files that end in .php, and match all files that end in .php, then force authentication. That part of it appears to work fine.
However, it also matches the root url, http://xxx.yyy.edu and http://xxx.yyy.edu/. Which isn’t a good thing, since it is forcing the root of the site to be authenticated.
It does not match xxx.yyy.edu/index.htm, or any other url that has anything after the domain name, like xxx.yyy.edu/students.htm or even xxx.yyy.edu/x
I’ve tested it in www.regexr.com, and it does not match the root url there.
Any thoughts/suggestions appreciated.
You are getting authentication dialog because on your landing page default page is set to index.php.
Have this FilesMatch with negative lookahead to avoid index.php from authentication:
<FilesMatch "^(?!index\.php$).+?\.php$">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
Sounds like perhaps it is matching the newline with the "dot" (a la XRegExp). Try something like \w+:[\d\w\s\./]+\.php.
Related
My goal is to deny access to all dot-files e.g .htaccess, .env and send back a 404, but allow the letsencrypt-folder .well-known to be accessed
RewriteEngine On
RewriteRule "(^|/)\.(?!well-known)" - [F]
RedirectMatch 404 /\..*$
Any hint on how to achieve this is highly appreciated
Best endo
Try the following instead:
RewriteEngine On
RewriteRule (?:^|/)\.[^/]+$ - [R=404]
This will serve a 404 for any file (or rather, last URL-path segment) that starts with a dot. But it will permit .well-known/ - since this is a directory and so is also suffixed by at least a slash + filename.
UPDATE: Modified regex so that it matches the dot at the start of the last path-segment, rather than anywhere in the last path-segment!
Note that the F flag responds with a 403 Forbidden, not a 404 as requested.
Alternatively, you can use a <Files> (or <FilesMatch>) container, which only matches "files". For example:
<Files ".*">
# 404 Not Found
Redirect 404 /
# OR... 403 Forbidden
#Require all denied
</Files>
Although this does also block a request for /.well-known (no trailing slash) - although that's not strictly a valid request anyway.
I have created a .htaccess file and trying to have a CAS login when the user goes to a url (ie: https://www.mycompany.com/users/forms/immigration.php)
I have created a filesmatch if the page begins with either imm or imp and ends in a .php, it should prompt a CAS login. I have used the FilesMatch tag and here the following code:
<FilesMatch "^(imm|imp)\.php$">
Authtype CAS
Require valid-user
</FilesMatch>
Is there a different directive tag I should use?
You will need to include .* after initial part to allow matching immigration.php:
<FilesMatch "^(imm|imp).*\.php$">
Authtype CAS
Require valid-user
</FilesMatch>
I have urls like www.example.com/de/something and I need to redirect to www.example.com everything that starts with /de/.
At the moment I have done this
redirect 301 /de http://example.com
and it redirect all links but just removing /de part and result is www.example.com/something.
How to fix this?
Thanks
redirect directive matchs rest of the uri and appends it to the target, you can use RedirectMatch to redirect a specific uri
redirectMatch 301 ^/de/? http://example.com
If you want /de/ in the target you should have specified so, becasue Redirect will include in the target everything "after" what you have matched.
For a different virtualhost as the destination you want this:
Redirect 301 /de/ http://example.com/de/
or
Redirect 301 /de http://example.com/de
If what you want is redirect inside the same virtualhost /de to /, then use a negative lookahead.
RedirectMatch ^(?!de) http://example.com/
If the context is .htaccess, for virtualhost It would be:
RedirectMatch ^/(?!de) http://example.com/
Note: I use /de/ originally because that's what you describe in your question, and also I match slashes in the target. Both source and target without slashes would be fine too for cases like /desomething or /de/something. In any case, always match slashes or the lack of them.
Note2: Do not use .htaccess to redirect unless you are not the admin of the site. It just complicates things and adds unnecessary overhead since the file/s need to be checked a number of times per hit.
I have a website, it contains many urls, like:
/public
/public/images/...
/questions/...
/answers/...
...
I want to add some cache headers to all the urls except `/public/.*'. But I don't know how to write this regex.
I tried:
^(?<!\Q/public/E)/.*
But it not works.
.htaccess under apache? try:
<LocationMatch "^(?!/public/)[^\.]+$">
Header set Cache-Control max-age=7200
</LocationMatch>
My /train directory is aliased to a script in httpd.conf by:
WSGIScriptAlias /train /some-path/../django.wsgi
And it works well, except for one problem. If a user goes to /train (with no trailing slash) it will not redirect him to /train/, but will just give him the right page. This is a problem because this way the relative links on this page lead to the wrong place when no trailing slash was used to access it.
How can this be worked out?
Thanks.
I'm using something like this for redirecting /train to /train/, what I do is redirecting all the URL than doesn't end with / to /train/.
<Location "/train">
Order deny,allow
Allow from all
RewriteEngine on
RewriteRule !^.*/$ /train/ [R]
</Location>
WSGIScriptAlias /train /some-path/../django.wsgi
If you just need to redirect from /train to /train/ and not from every subdirectory without a trailing slash, then there's a simpler solution using the RedirectMatch directive:
RedirectMatch ^/train$ /train/
Set your urlconf to accept train/ as valid instead, then make train lead to a generic redirect to /train/.