This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:
I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.
Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.
What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?
I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.
I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits www.domain.com/services/manu/ the url on the address bar should be www.domain.com/services/. I don't want a permanent redirect.
I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.
When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?
I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.
By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.
It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:
I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]
For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?
I have a number of WordPress, Drupal, Wiki sites running under RHEL6.
Apache version:httpd -v Server version: Apache/2.2.15 (Unix) Server built: Aug 2 2013 08:02:18
We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.
The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.
This drives the php content management systems nuts. Request comes in and is handled by php. PHP checks the cache for that name and does not find it. PHP generates a MySQL query and sends it. MySQL tries and fails to satisfy the query. MySQL returns result to php. PHP Writes a cached of the result and presents it to the web.
In other words, a whole lot of processor/memory.
The security scans typically look like......
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1 [Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1 [Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1 [Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1 [Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1
I have been able to improve performance, speed and security by mod_rewrite
RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]
Now (Finally) the question.
I have not been able to create a rule for the directory recursion.
I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.
I believe that this would improve speed and security.
I would like to write a rewrite rule that does the following:
Redirect 301 URL...
So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.
I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.
I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.
I am a beginner in Apache Web server, whether it is possible to make some rewrite function ( or something similar ) to add some text on url from access ?
For example URL....
I need some function in httpd.conf where in SetHandler server-status ( URL... ) can see users who are connected like /testurl username=someusername:somepassword ?
I did link http://someusername:email@example.com/testurl?username=someusername:somepassword but some users delete from ?username=someusername:somepassword from link and I have a problem to monitoring that lines !
I'm new to Apache. I'm using a version 2.4 for Windows 7. It didn't come in as an .msi so I had to configure the appropriate web-server name via the httpd text document.
Each time I go to http://localhost, I am present with a page with the content "It works." I tried adding a different .html file into the directory to see if I could access that also, but I was not able to navigate to it via the address bar. So I edited the content of index.html from 'It works!' to "It works?!!!" but sadly, the actual page is still showing 'It works!' for its content (Rather ironic, huh?).
So, for whatever reason, the actual 'localhost' page isn't updating or even noticing any of my edits in what I presume to be the correct directory.
When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:
<Directory /var/www/html/folder/files> order deny,allow allow from localhost </Directory>
This works BUT the file also isn't viewable from within the application anymore.
In web application we are facing high vulnerability issue based on the session validation.
We can download the files from the server whenever we are passing the link even without login. The links are directly hit into the server and download the files any type of files extension such as .txt, .xml, .zip and so on.
Need the solution for this issue: How will we resolve the issue using validate the session in apache side?
Scenario as below:
When user manually passing the request if user logged they should access the files When user manually passing the request if user is not login they shouldn't access the files
Here both the scenarios they can access the files but we want to restrict when the request is coming to apache without login.
EX: [URL] ....
When i tried above link I can able to view the file in browser. Even able to download all different fies extension which are having in the under tomcat webapps dir.
How we can restrict this in apache code or any other files in apache side or is there any way to validate the request is logged one or not?.
i'd like to use a code similar to the one below, to rewrite a sub directory to a subdomain. www.domain.com/aoa/info/ to info.domain.com and then error 301 if someone goes to www.domain.com/aoa/info/ directly
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.