I wanted to serve .xhtml files as
application/xhtml+xml if the browser says that it accepts it.
text/html otherwise
I tried doing it with mod_rewrite but it didn't work with Options -FollowSymLinks (see Why I do I get 403 Forbidden when viewing files affected by Apache RewriteRule if I have `Options -FollowSymLinks`?).
Then, I tried
<Files "*.xhtml">
<If "%{HTTP:Accept} !~ /application\/xhtml\+xml/">
ForceType text/html
</If>
</Files>
But I get a syntax error: Failed to compile regular expression.
Meanwhile, I use this code...
<Files "*.xhtml">
<If "%{HTTP:Accept} !~ /xhtml\+xml/">
ForceType text/html
</If>
</Files>
... which works, but I want to match the correct MIME type.
You could use an escape code like \x2F instead of the /.
It looks like improving this is still under construction as of Apache 2.4. Apache team member "covener" recommends m#regexp# instead.
So your code would look like this...
<If "%{HTTP:Accept} !~ m#application/xhtml\+xml#">
Related
I am using htaccess to deny access to my php-files. Nevertheless I need some of them called from outside, e.g. index.php
I came up with
<Files a_string_a.php>
Order Allow,Deny
Allow from all
</Files>
Works as expected, I can use the file. But I have several files. I want to avoid to write for every files such a block. Is there a chance to explain htaccess that it shall give access to all files that matches
..._string_.....PHP? (containing a unique string no matter what else is in the filename)
I am pretty sure there is a RegExpress for this but I am kinda lost and not sue how to integrate this into htacess - thank you for a tip.
Maybe like this:
<FilesMatch "(index|foo|bar)\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
And add any file basename with a | (regex or).
See https://httpd.apache.org/docs/2.4/mod/core.html#filesmatch
..._string_.....PHP? (containing a unique string no matter what else is in the filename)
You may be able to use this FilesMatch directive with a regex:
<FilesMatch "(?i)^.*_string_.*\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
RegEx Details:
(?i): Enable ignore case matching
^: Start
.*: Match 0 or more of any characters
_string_: Match _string_
.*: Match 0 or more of any characters
\.php: Match .php
$: End
I'm really not into regular expression and I have trouble to set a rule for my website.
I have two index files, named index-pc.php and a second named index-mob.php, and I want to be able to hide the -pc/-mob part of the filename. Which syntax I should use to do so?
My current rule is:
RewriteEngine On
RewriteRule ^index-(pc|mob)\.php$ index.php [L]
But this rule is not working. What I'm missing?
Thank you.
The regex seems to be correct. Did you enabled .htaccess already? If not, open your httpd.conf and change
<Directory />
....
AllowOverride None
</Directory>
to
<Directory />
....
AllowOverride All
</Directory>
I have the following .htaccess file on our xxx.yyy.edu site, in the root.
<FilesMatch "(.+)\.php">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
This should only match files that end in .php, and match all files that end in .php, then force authentication. That part of it appears to work fine.
However, it also matches the root url, http://xxx.yyy.edu and http://xxx.yyy.edu/. Which isn’t a good thing, since it is forcing the root of the site to be authenticated.
It does not match xxx.yyy.edu/index.htm, or any other url that has anything after the domain name, like xxx.yyy.edu/students.htm or even xxx.yyy.edu/x
I’ve tested it in www.regexr.com, and it does not match the root url there.
Any thoughts/suggestions appreciated.
You are getting authentication dialog because on your landing page default page is set to index.php.
Have this FilesMatch with negative lookahead to avoid index.php from authentication:
<FilesMatch "^(?!index\.php$).+?\.php$">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
Sounds like perhaps it is matching the newline with the "dot" (a la XRegExp). Try something like \w+:[\d\w\s\./]+\.php.
As the title says, I would like to exclude from apache execution all php files but not some of them that I know to be "legal".
I've tried with [^(file1|file2|file3|...|filen)|(\*)].[(php)|^(\*)] but it seem to match only the last character of the file inside ()
I've also tried with negative lookahead but with no result.
Could someone point me in the right direction?
Edit: Obviously I use Deny from all under that expression
<Files> allows a regex use with ~ operator but <FilesMatch> should be preferred:
<FilesMatch '\.php$'>
Deny from all
</FilesMatch>
<FilesMatch '(file1|file2|file3)\.php$'>
Allow from all
</FilesMatch>
Official Doc says:
Regular expressions can also be used, with the addition of the ~
character. For example:
<Files ~ "\.(gif|jpe?g|png)$">
#... </Files>
would match most common Internet graphics formats. <FilesMatch> is
preferred, however.
I am running Apache httpd on Windows. I want to get Apache to make index.html uncacheable - but only the home index.html, no other index.html files. This is what I have so far:
<Directory "D:\path\to\root">
<FilesMatch "index.html$">
Header set Cache-Control "max-age=0, must-revalidate"
</FilesMatch>
</Directory>
It works - but works for all index.html files. How can I narrow this down to just the one index.html? Apparently I can use regex in Directory, but I this did not work:
<Directory ~ "D:\\path\\to\\root">
You can specify a path instead of just a file name inside the Files directive. So I guess the same applies to the FilesMatch directive. That way you could exclude files that carry a path from their subsirectory when being matched against the regular expression.
Note that I have not tested this, but it might be worth a try:
<Directory "D:\path\to\root">
<FilesMatch "^[^\\]*index.html$">
Header set Cache-Control "max-age=0, must-revalidate"
</FilesMatch >
</Directory>
Note that I am also not sure about which backslash (\) you have to escape and which not. This strange path notation MS-Windows uses internally really is a problem. Not only when dealing with regular expressions :-)
This works nicely:
<Location /index.html>
Header set Cache-Control "max-age=0, must-revalidate"
</Location>