Apache :: How To Deny Access To Specific File Using HTAccess
Jun 21, 2014I would like to deny access to .log
View 1 Replies
ADVERTISEMENT
Apache :: Deny Direct Access To Images From Other Websites In HTAccess
Jan 28, 2013I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.
I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.
Apache :: How To Select Specific File With Path Using HTAccess
Jun 14, 2014I want to select a specific file by its path using .htaccess to allow access to it.
View 1 Replies View RelatedApache :: How To Block A Specific (Query String) URL Via HTAccess
Mar 18, 2013I don't know how to block a specific QUERY STRING url via .htaccess file, well actually I want to block this type of url :
test.php?q=RANDOMTEXT=&tl=The%20path%20ends
APF Deny Rules Still There Even If The Deny.hosts_rules File Is Empty
Feb 9, 2007I edited the /etc/apf/deny.hosts_rules files, then removed all lines from the file and finally restarted apf so it can restart with no deny host listed. But that is not working... the file appears empty or again with the rules removed before.
iptables -L -n shows the same banned hosts as dropped.
I already tried.. remove the deny hosts IPs from the file, then ran "iptables -F", then "service iptables save", and finally restarted apf and the deny IPs still there
Use .htaccess File To Allow Access To Zip Files Only From My Script
Feb 18, 2007I have download manager script that I use for my customers to download products right after the purchase.
Script generates download link that looks like this:
http://www.yourwebsite.com/download/...582921B&p=1840 (where 2YY6582921B is receipt number that is different with each purchase).
All products are placed in one folder. This folder can not be seen in above download url, but can be accessed thru browser and files can be downloaded that way without paying for them.
Can I use .htaccess and if yes how, to protect all product files the way that they can not be accessed directly by visiting url thru browser (in case somebody will find the correct url), they should be allowed for access only for my download manager script.
Apache :: Restrict Access To A Set Of IP In Specific URL
Jan 18, 2014I have Apache 2.2 installed on my Unix Server and have a couple of Application servers running each of them having similar Document Root.
For example, The URLS will look like below
https://my-test1.com/demo/index.html
https://my-prod1.com/demo/index.html
https://my-qa1.com/demo/index.html
The directory folder looks like
/myapp/my-test1/demo/index.html
/myapp/my-prod1/demo/index.html
/myapp/my-qa1/demo/index.html
I would like to restrict access to the above prod1 URL for a specific set of IP's. How can I achieve this.
Plesk 12.x / Linux :: Deny User Upload File Via File Manager Or Hidden File Tab?
Feb 10, 2015I'm build Plesk Panel for Linux and Presence Builder, I don't want my user can upload their website to hosting via File Manager. How can I do it...
View 2 Replies View RelatedApache :: How To Restrict Access Via IP Address For Specific Webpages
Apr 17, 2014I'm using Concrete5 CMS to create a website. This CMS creates/manages all its webpages in a mySQL database. Thus, there is no physical folder associated with each webpage, so I can't simply create an .htaccess file and place it in the directory tree in the right sub-folder to restrict access for that sub-folder and all folders it contains.
I have one .htaccess file located at the root level (e.g top-level folder for the website).
QUESTION 1: I need place in this top-level .htaccess file to (1) restrict access to only two specific IP addresses that I can specify (blocking access to all other IP addresses), and (2) specify the URL addresses that I wish to apply this rule to?
For example, let's say my website is [URL] ....
And I want to restrict access to the [URL] ....
and my .htaccess file is located at
/home/myname/public_html/conc/.htaccess
What code can do that?
Apache :: Mod Rewrite Rule To Prevent Access To Specific Page?
Jun 25, 2013This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:
I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.
So the URLs I'm trying to rewrite are:
- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal
So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:
RewriteRule ^(.*)/Example.portal$ http://$1 [NC]
So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.
Plesk 12.x / Linux :: Firewall Allow Specific Source Deny Others Not Working?
Mar 28, 2015In plesk I have set the ssh rule to allow from source, deny others and added my IP. However, if I connect my PC to my work VPN, I can still login via ssh, even when I am on a different IP as the allowed IP
View 18 Replies View RelatedApache :: What Is HTAccess File
Jan 31, 2013what is .htaccess file? use of this file?
View 6 Replies View Related.htaccess-- Deny Froms
Apr 2, 2007I have amassed a large number of IP addresses [both partial and whole] in my .htaccess file-- which I deny access to. I have two questions:
[1] Can a larger list effect server performance?
[2] MySQL databases seem to be ignoring the .htaccess list. Why would this happen?
Apache :: Removing PHP For One File Only In HTAccess
Jun 11, 2014I'd like to change /comp.php to /comp but I have only found articles on how to remove .php completely and I don't want to do that, only want to do it for this one file.
View 5 Replies View RelatedApache :: How To Redirect To Different File In HTAccess
Jan 27, 2013So, I would like my htaccess file to check if a file exists and if it doesn't then redirect to another file. How would I go about doing this?
View 5 Replies View RelatedApache :: Write HTAccess File For A 301
Apr 15, 2013I have learned some bits of regular expressions for simple scripting, writing a .htaccess file is, uh, syntaxically daunting.
THE CASE :
The URLs of my site used to be of the form [URL] ... . They are now of the form [URL]......
I am trying to perma-redirect (301) the old format (affiche_fiche.php) to the new format (fiche.php) using a .htaccess.
So far all I have achieved is a hatred of punctuation signs. What's the correct syntax to have a .htaccess that does the redirect ?
THE CONTEXT : The format change took place more than six months ago, but the Google Webmaster Tools still spits 450 problems a day with 404s on URLs using the old format. I had assumed that these would just fade away, but they don't. So I guess that 301'ing them is cleaner. Or would be, if I understood the syntax.
Apache :: HTAccess File Is Not Working?
Feb 20, 2014I want to upload the custom 404 error page and .htaccess file to my website but .htaccess is not working on my web server. I have use the correct file name and try it many time but no result I have found. My web server is Microsoft IIS 7.5
View 2 Replies View RelatedApache :: Can Have HTAccess File Which Create Links
Mar 16, 2013In my personal website at URL.... I have the top like 'index.php?pg=profile', 'index.php?pg=home' or 'index.php' (without any querystring), 'index.php?pg=diary' etc. I am looking to see if I can have .htaccess file which can make me create links like
index.php/
index.php
index.php/home
index.php/profile
index.php/diary
write an .htaccess for the same?
Apache :: HTAccess File Included In Project - Stuck With 403 Error
Oct 8, 2012I was trying to set up archive-my-tweets [URL] .... and I seem to have gotten stuck with a 403 error. When I remove the .htaccess file the 403 goes away but so do the rewrite rules so that's a problem.
You'll see the contained .htaccess file that's included in the project.
Basically for now I'm just trying to run this on my mac. I have set up the files in a subdirectory of my personal web server. The personal web server is working fine--but when I go to the /tweets directory I get the 403.
Apache :: Will Editing HTAccess File In Cpanel Effect All Wordpress Domains And Subdomains
Mar 26, 2014I added the following to my cpanel .htaccess file on my hosting account:
<FilesMatch ".pdf$">header set x-robots-tag: noindex
</FilesMatch>
This was to stop Google from crawling and indexing my PDFs, will this work accross all my addon domains and subdomains (which are wordpress) on my hosting account or do I need to take extra measure?
Apache File Access
May 30, 2007I'm trying to set up Apache on CentOS 4. I'm using Apache 2.0 and it can't seem to access anything outside of the /var/www directory - it gives an Error 403.
I thought this would be down to SELinux but this is disabled. I've run the following command on the directory but with no luck:
Code:
chown apache /home/jmaskell -R
How Deny All To Access Website
Apr 29, 2009how can i deny all of ip instead 2 ip to access to some website?
because these are priv8 website and personal .
i thin that .htaccessis good.
can nany one creat it for me and ist good or use another method?
Apache :: How To Redirect Specific Useragent On Specific URLs
May 20, 2015I have question: How to redirect specific useragent on specific URLs to specific URLs in .htaccess [Question]
E.g.:
I want to redirect 301 with conditional:
Code:
useragent: Firefox
from my url1: domain[dot]com/old-url1/
from my url2: domain[dot]com/old-url2/
to
Code:
to new url1: in my url1: domain[dot]com/new-url1/
to new url2: in my url1: domain[dot]com/new-url2/
I create this in my .htaccess but not work
Code:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} googlebot [NC]
RewriteRule ^/?this-is-url/?$ domain[dot]com [L,R,NC]
Apache Access File On Mount
Sep 6, 2007I'm getting an error when I try to allow apache access a mount nfs folder...
View 4 Replies View RelatedHow To Deny Access Via Www.mydomain.com/~mycpanelusername/
May 23, 2008Is there a way to prevent accessing the website using the domain.com/~username/
Currently on most (all?) cpanel hosting plans it's possible to access the site via [rl].
Maybe there is something to prevent that as it could cause very serious duplicate content issues.
Moreover, I think it's a global bug that affects millions of hosting accounts. Yahoo, for example, many times indexes wrong URLs because of that... In many situations, if I knew your cpanel username, I could link to it instead of your domain to remove your site from search engines..
How Big Can Apache Access Log File Be Withouth Degrading The Performance Of A VPS
Nov 18, 2007How big can Apache access log file be withouth degrading the performance of a solid VPS solution with 764MB RAM?
I want to have it as big as it gets withouth seriously degrading the performance...
How Big Can Apache Access Log File Be Withouth Degrading The Performance Of A VPS
Nov 18, 2007How big can Apache access log file be withouth degrading the performance of a solid VPS solution with 764MB dedicated RAM?
I want to have it as big as it gets withouth seriously degrading the performance...
IX Web Hosting - Possible Worst Host Ever? Deny Access To Your Files!
Nov 6, 2008I signed up for hosting with IX Web Hosting in April of 2007. There have been two occasions that they provided the perfect example of Terrible Customer Service. So much so, my last pony ride with IX Web Hosting was my last. I decided to call it quits and move my account to Host Gator.
I keep my most important sites on a dedicated server at Servint.net. If you are interested in a dedicated server or VPS, I highly recommend Servint. You will not beat the level of service and professionalism this company offers. But that’s another post in itself.
The point is, I had some SEO tests I wanted to perform and I was looking for a hosting company that would allow me to host 10 different domains in the same account on different ip addresses. IX Web Hosting had the plan I was looking for. So in April of 2007, I signed up for a hosting account.
Overall, I was pretty satisfied with the server performance at IX Hosting. I experienced very little if any downtime from server issues. They don’t offer a standard cpanel interface like most web hosts. It appears to be a proprietary / in house control panel.
It was pretty straight forward and with a little time I was up to speed.
Then on June 5, 2008, I got the following email from a System Administrator at IX Web Hosting.
---------------------------
Hello,
My name is Anthony, and I am a system administrator at IXWebhosting. I’m here to ensure a reliable and fast hosting / e-mail environment. This is the reason why I ask you to get in touch with us.
We have received numerous complaints from third-parties about spam originating from your website. As you may know, spam is an on-going problem for all internet users, hence all companies have very strict rules against spam. I am here to ensure that neither you nor any other customer is facing any downsides which could be the result of these spam regulations.
We ask you to immediately cease and desist any such activities. If you are unaware of this activity, please contact me or any of my colleagues via this ticket, phone or live-chat so that we can find the reason for the spam activity together and fix the issue instead of the symptom. Viruses and things of that nature may be installed on your computer and will cause the spamming. We recommend that you run an anti-virus program. If you currently do not possess an anti-virus program, you may download a free version. Please just follow the link below to find Google’s best links for free anti-virus software:
google.com/search?q=free+anti-virus+software [url]
In order to ensure your hosting and mail environment is working flawlessly, we ask you to get in touch with us within the next 72 hours. I highly appreciate your time.
Best Regards,
Anthony Washington
System Administrator
IXWebhosting
-----------------------------------
They identified the domain as bestadtracking.com. This is a domain I own but have never promoted. Not only had I not sent spam through IX Web Hosting, I averaged less than 200 sent email a month on all the domains on my account. So on June 6, 2008 I responded to IX Web Hosting with the following two messages.
-----------------------------------
Hi Anthony,
I can assure you I am not sending spam from this domain or any others. I’m a little surprised that this domain is in question? I set it up over a year ago and haven’t ever promoted it. I don’t send any type of email over this domain. I have no reason to. It gets no traffic or inquiries.
Are you sure there isn’t some type of mistake? Otherwise, there are a couple of php style contact forms on that site. Could a hacker use that sort of thing to send spam? How can we track this down?
Thanks,
Brent Crouch
615-389-XXXX
-----------------------------------
Here is the second email I sent on the same day.
-----------------------------------
Hi Anthony,
I am using AVG on my computer and the scan completed finding no viruses. Besides that, I am using Outlook to manage the mail on several of my domains. I don’t even have a send account setup for bestadtracking.com on my computer. As I stated in the previous reply, I have no reason to since this domain is not promoted.
Can you give me the IP address of where the spam originates? I’d like to compare that to my IP address here at home and office.
Thanks,
Brent Crouch
-----------------------------------
I had no information to track the issue any further. The lack of response from IX Web Hosting left me to believe the issue had been resolved or there had been a mistake. Then 4 days later on June 10, 2008 I got this message.
-----------------------------------
Brent
We tried to reach you today in order to resolve this issue, but unfortunately it has been well over 72 hours since this ticket was placed. We must sadly suspend your services, please do not hesitate to call us at 1-800-385-0450 any time, day or night.
Best Regards
Ian
-----------------------------------
Amazing! They give me no information to solve this problem. On top of that, they don’t respond to my ticket in 4 days and because I didn’t answer the phone when they called they suspended not only the domain in question but every domain listed in my account.
I called in and spoke to a tech support guy who allowed me to remove the domain in question and in return, he restored my other domains. He also left a message to have the tech support manager call me the following day.
The manager I spoke to apologized for the way the ticket was handled and the lack of information that was given. He said he would follow up with the employees that were responsible for the ticket and make sure it never happened again. He was helpful in looking at the server logs and determining how someone had loaded a spam bot onto my site.
Apology accepted. Stuff happens. I considered it water under the bridge and not a big deal. Not so much…..
After my first run in with IX Web Hosting, I wrote the whole incident off as a fluke. The manager I spoke to seemed very sincere and assured me that wasn’t proper protocol and wouldn’t happen again. I was trucking right along until I got this email from them on October 26, 2008.
-----------------------------------
Dear Brent Crouch,
We have received notification of phishing material in your account. Phishing files are usually placed through some type of exploit of out dated code, weak file and folder permissions. Packaged shopping carts and photo galleries are usual sources as hackers find exploits and developers fix them almost daily, so unless you constantly update the software or completely secure it things like this can happen.
You must agree to remove this content and update any software that has resulted in security holes. To protect your account from further action you must agree to our request for compliance. Please respond to this message stating your intent to do so. You may either log into your control panel with us, and access this ticket via the 24/7 help desk, or provide this ticket number to our Live Chat or phone representatives. Failure to respond to this message within 72 hours will result in the suspension of the affected domain with us until such a time as this matter is resolved.
Michael
-----------------------------------
The email gave me no indication of which domain had been hacked. When I wrote to live help and gave them the ticket number, I spent 10 minutes waiting only to be told they didn’t know which of my domains had been effected. They recommended I reply to the online support ticket.
Here is the email I sent them in response on October 27, 2008.
-----------------------------------
I replied to live help and they could not find any information. So far you haven’t told me which domain is a problem.
Please give me the info I need to correct this problem and I’ll take care of it.
Brent Crouch
615-389-XXXX
-----------------------------------
Eight hours later, I was able to find the problem by viewing all the files on my domains and looking for the files that had been recently changed. It turned out my brentcrouch.com domain had been hacked and setup with all sorts of eBay and bank phising pages. The site operates on a Wordpress platform which is widely used and is a big target for hackers.
[url]
I wrote back to IX Web Hosting for a second time on October 27, 2008.
-----------------------------------
I found the problem on my brentcrouch.com domain. I updated the wordpress software to the latest and cleaned up the problem. The only exception is the brentcrouch.com/forum directory. I am unable to delete this directory as the hacker has removed my access. Please delete the directory.
Thanks,
Brent Crouch
-----------------------------------
The following day, here is the email I got back from IX Web Hosting.
-----------------------------------
Brent:
Thank you for your attention to this matter. Per your request we have removed:
/brentcrouch.com/forum - deleted
We will be closing this ticket at this time. If you have any questions please feel free to contact us. We will be happy to assist.
Please note that this is the second time this problem occurred. Unfortunately, I have to bring to your attention that as per our terms of service a third instance will result in immediate account termination without notice. No backups will be provided. If you have any questions about how to avoid this from happening again our support team will be glad to advise.
Respectfully
Frankie
Support Tech Representative
-----------------------------------
When I seen that response, I was pissed! I run my own server at Servint.net. I’ve hosting accounts at several other hosting companies. I’ve never had a site hacked except from IX Web Hosting.
In 4 months, I’ve had two sites hacked. In both instances, IX Hosting was zero help in locating the source of the problem. In the first incident, they didn’t even reply to my ticket for 4 days. In the latest incident, they couldn’t even tell me what domain was hacked.
Then they send me an email telling me if it happens again not only will they suspend my account, they’ll deny me access to my files! Huh?
That’s not a risk I’m willing to take. With the high costs of obtaining customer’s in this business, I’m a little surprised they don’t do a better job of trying to retain them. In my opinion, this policy is unacceptable and makes IX Web Hosting one of the worst hosts I’ve ever dealt with.
I just signed up for a hosting account with Host Gator and have already moved all my domains over. So far, so good.
What’s your experience with IX Web Hosting?
Deny Access To Exim For Free Trial Users
Jul 18, 2007INTRODUCTION
As owner of a hosting provider company, I face the problem of abusive users almost every day. More than 90% of all abuse on my server comes from free trial accounts. I offer free trial access to my servers for people who want to try things out before they purchase a hosting package, but off course this attracts spammers. To prevent trial users from using my server for spamming purposes, I modified my exim.pl file to prevent trial users from accessing the Exim mail server.
Please note that this tutorial has been written for cPanel servers. If you want to use it on a server with a different control panel, you'll need to modify the cpgetpack.c source. If you do so, please share your work with the community by posting it in a reply here.
STEP ONE
First you’ll need to download, compile and install my cpgetpack.c application. Here’s how:
Code:
gcc cpgetpack.c -o cpgetpack
mv cpgetpack /usr/bin/
chown cpanel:cpanel /usr/bin/cpgetpack
chmod +s /usr/bin/cpgetpack
STEP TWO
Now open the /etc/exim.pl file in your favorite text editor (make a backup first) and look for the following inside the checkuserpass subroutine:
Code:
$trueowner =~ s////g;
$trueowner =~ s/..//g;
if (isdemo(${trueowner})) {
return('no');
}
Below, paste the following code:
Code:
my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);chop($userplan);
if ($userplan eq "radix_FreeTrial") {
return "no";
}
You will have to replace the radix_FreeTrial string with the package you assign to your trial users. This will prevent trial users from authenticating which prevents them from sending mail remotely.
STEP THREE
Users are now still able to send mail locally (for example using the PHP mail() function), so here’s what to do next.
Find the checkdemo subroutine in the exim.pl file and replace the complete subroutine with:
Code:
sub democheck {
my $uid = Exim::expand_string('$originator_uid');
if (isdemo($uid)) { return 'yes'; }
my $name = getpwuid($uid);
open(UP, "cpgetpack $name|");
my $userplan = <UP>;
close(UP);
chop($userplan);
if ($userplan eq "radix_FreeTrial") {
return 'yes';
}
return 'no';
}
STEP FOUR
Now just restart Exim:
Code:
service exim restart
It might be a good idea to create a trial account and see if it’s working. Enjoy!
REFERENCE:
Original post: [url]
Best regards,
Josh Burt
.htaccess To Exclude Specific Geographic Areas
Dec 9, 2008I have a client who uses formmail on our dedicated server(another 140 clients also share this PLESK/LINUX server). While the formmail script has not been hacked, some schmuk spends the time to fill it out with spam 5-6 times a day and sends them to the client.
I verified the emails go only to the site owner and nobody else.
QUESTION: Is there a way to exclude the entire world and only allow visitors from the metro Chicago area? This would need to be done via .htaccess and not IPTABLES, as the other sites on the server draw world wide traffic.
I'm scratching my head on this, but if possible it would exclude our schmuk friend while allowing the local traffic this client draws from.
