Apache :: Mod Rewrite Rule To Disallow Direct Access To Files From Some Directory

Oct 26, 2014

in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,

so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]

View 2 Replies


Apache :: Mod Rewrite Rule To Prevent Access To Specific Page?

Jun 25, 2013

This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:

I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.

So the URLs I'm trying to rewrite are:

- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal

So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:

RewriteRule ^(.*)/Example.portal$ http://$1 [NC]

So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.

View 6 Replies View Related

How To Disallow Access To A Everything In A Directory

Oct 26, 2005

Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.

What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?

I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.

View 1 Replies View Related

Apache Rewrite Rule - 404 Error

Apr 29, 2013

I need two rules in apache to work

RewriteRule ^([^/]*).html$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*).html$ index.php?pnumber=$1&page=$2 [L]

First one rule does work and /index.php?page=something redirect to /something.html

Second rule does not work /index.php?pnumber=1&page=something need to be /1/something.html

But when make this link i got 404 error the request url not found.

Where is error, an how i can make to second rule work too?

View 1 Replies View Related

Apache :: Rewrite Rule For OWASP XSS Conventions

Aug 13, 2014

I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain.

Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &

& --> &
< --> <
> --> >
" --> "
' --> '

View 2 Replies View Related

Apache :: Rewrite Rule Does Redirect Rather Than Proxy

Oct 28, 2014

I just installed httpd-2.4.10-win32 and I can't make mod_rewrite to work :

What I'd want is a proxy to receive a print.xxxx.com/appl uri and forwards to appl.serveur.xxxx.com:8080/streammaster

I do

RewriteCond %{HTTP_HOST} print.xxxx.com
RewriteRule /appl/ http://appl.serveur.xxxx.com:8080/streammaster [P]

and I get a redirect : - - [28/Oct/2014:14:55:19 +0100] "GET /appl/ HTTP/1.1" 302 - mod_proxy is loaded and works of course.

I've tried lot of variations (it works the same in a virtual host without rewritecond) to no avail.

View 4 Replies View Related

Apache :: URL Rewrite Rule Without Permanent Redirect

May 10, 2014

I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits www.domain.com/services/manu/ the url on the address bar should be www.domain.com/services/. I don't want a permanent redirect.

View 2 Replies View Related

Apache :: Writing Htaccess Rewrite Rule?

Feb 21, 2014

I'm trying to change url structure so instead of /default/category/product.html it would show /category/product.html

With this line I've managed to do it on my personal blog

RedirectMatch 301 /default/(.*) //$1

But when I've implemented it on a customers Magento site it started showing double slashes like this //category/product.html and the whole template just collapsed .

View 17 Replies View Related

Apache :: Accept Files In Home Directory - Development Server Access Denied

Jul 19, 2014

I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.

When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?

I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.

By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.

View 1 Replies View Related

Apache :: HTAccess Won't Process Rewrite Rule Despite Many Attempts

Apr 1, 2015

It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:

RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]

Here is my htaccess:

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
# Force www
# Redirect google index dir's to new dir
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]


View 1 Replies View Related

Apache :: HTAccess And Rewrite Rule - Show Existing Images

Mar 8, 2015

I'm using .htaccess to show existing images instead of images which does not exist.

RewriteBase /images/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)_(.*)1200x900.jpg$ esittely_$21200x900.jpg
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
RewriteRule liiga670x10.jpg esittely670x10.jpg [L]

Everyting works fine if an image does not exist.

But if an image does exist, the second RewriteRule
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
will be used.

Why is that so? How could I modify my code to prevent that? 

View 2 Replies View Related

Apache :: Create Rewrite Match 301 Rule To Push Long URL To Shortened URL Permanently?

Jan 30, 2013

I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]

For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?

View 5 Replies View Related

Apache :: Creating Rule For Directory Recursion?

Aug 29, 2013

I have a number of WordPress, Drupal, Wiki sites running under RHEL6.

Apache version:httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18

We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.

The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.

This drives the php content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP Writes a cached of the result and presents it to the web.

In other words, a whole lot of processor/memory.

The security scans typically look like......

[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1

I have been able to improve performance, speed and security by mod_rewrite

RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]

Now (Finally) the question.

I have not been able to create a rule for the directory recursion.

I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.

I believe that this would improve speed and security.

View 2 Replies View Related

Apache :: Rewrite For Any Directory

Oct 15, 2014

I would like to write a rewrite rule that does the following:

RewriteEngine On

Redirect 301 URL...

So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.

View 1 Replies View Related

Apache :: Mod Rewrite Not Works With Existing Directory

Mar 14, 2013

Why my rules don't work as I want?

I want to make hidden rewrite from url like host.sk/dir/dir2

View 4 Replies View Related

Apache :: Deny Direct Access To Images From Other Websites In HTAccess

Jan 28, 2013

I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.

I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.

View 8 Replies View Related

Mod Rewrite Rule

Feb 14, 2007

I have few subdomains pointing to a directory (using dedicated ip an A record)

I need the following rewrite rules:

[url]--> [url]
[url]--> [url]
[url]--> [url]

How can I do this?

View 3 Replies View Related

Rewrite Rule

Aug 7, 2007

I have to write Rewrite rule at .htaccess file

goes to

View 3 Replies View Related

Rewrite Rule

Jul 9, 2007

How to rewrite a url for example. I purchased ssl for example.com and when i take [url], it gives ssl domain mismatch error.

ie i want to rewrite

View 1 Replies View Related

Apache :: Possible To Make Some Rewrite Function To Add Some Text On URL From Access?

Jan 17, 2015

I am a beginner in Apache Web server, whether it is possible to make some rewrite function ( or something similar ) to add some text on url from access ?

For example URL....

I need some function in httpd.conf where in SetHandler server-status ( URL... ) can see users who are connected like /testurl username=someusername:somepassword ?

I did link http://someusername:somepassword@domen.com/testurl?username=someusername:somepassword but some users delete from ?username=someusername:somepassword from link and I have a problem to monitoring that lines ! 

View 3 Replies View Related

Apache :: SSL Cert Files And Mod Rewrite For Multi-tenant Hosting

Feb 21, 2015

I'm trying to set up a multi-tenant web application across multiple servers and would like to provide ssl for those tenants

I know this is possible to dynamically assign ssl using mod_rewrite, but I'm worried about speed.

Does apache cache the ssl cert file(s) when using mod_rewrite, or does apache lookup the ssl file every handshake / session?

How ssl cert files work and if using mod_rewrite is a worthy approach if connection speed is important.

View 1 Replies View Related

Does Anyone Know The Mod Rewrite Code To Direct To Www. And Https

Apr 2, 2008

Does anyone know the mod rewrite code to direct to www. and https?

View 3 Replies View Related

Convert .htaccess To Lighthttpd Rewrite Rule

Jun 5, 2007

How do I go about converting the follow .htaccess file

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} /blogs/(clientscript|images)/
RewriteRule ^(.*)$ $1 [L]

RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/comment-([0-9] ).html blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3&c=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/feed/ blogs/syndication.php?entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/ blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/category/([-a-z0-9] ).html blogs/viewblog.php?username=$1&categorydata=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/ blogs/viewblog.php?username=$1&month=$3&year=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2}).html blogs/viewblog.php?username=$1&month=$3&year=$2&day=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/archive.html blogs/viewblog.php?username=$1&displaymode=archive [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/feed/ blogs/syndication.php?username=$1 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/ blogs/viewblog.php?username=$1 [QSA,L]
to work with lighthttpds rules?

View 2 Replies View Related

Apache :: Localhost Doesn't Update When Change Directory Files

Jul 15, 2013

I'm new to Apache. I'm using a version 2.4 for Windows 7. It didn't come in as an .msi so I had to configure the appropriate web-server name via the httpd text document.

Each time I go to http://localhost, I am present with a page with the content "It works." I tried adding a different .html file into the directory to see if I could access that also, but I was not able to navigate to it via the address bar. So I edited the content of index.html from 'It works!' to "It works?!!!" but sadly, the actual page is still showing 'It works!' for its content (Rather ironic, huh?).

So, for whatever reason, the actual 'localhost' page isn't updating or even noticing any of my edits in what I presume to be the correct directory.

Here's my httpd document for referenc [URL] ....

View 7 Replies View Related

Apache :: Prevent Access To Files

Mar 6, 2014

When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:

<Directory /var/www/html/folder/files>
order deny,allow
allow from localhost

This works BUT the file also isn't viewable from within the application anymore.

View 1 Replies View Related

Apache :: Access Files Without Login / Authentication

Nov 18, 2014

In web application we are facing high vulnerability issue based on the session validation.

We can download the files from the server whenever we are passing the link even without login. The links are directly hit into the server and download the files any type of files extension such as .txt, .xml, .zip and so on.

Need the solution for this issue: How will we resolve the issue using validate the session in apache side?

Scenario as below:

When user manually passing the request if user logged they should access the files
When user manually passing the request if user is not login they shouldn't access the files

Here both the scenarios they can access the files but we want to restrict when the request is coming to apache without login.

EX: [URL] ....

When i tried above link I can able to view the file in browser. Even able to download all different fies extension which are having in the under tomcat webapps dir.

How we can restrict this in apache code or any other files in apache side or is there any way to validate the request is logged one or not?.

View 3 Replies View Related

Mod Rewrite Sub Directory To Subdomain

Feb 26, 2008

i'd like to use a code similar to the one below, to rewrite a sub directory to a subdomain. www.domain.com/aoa/info/ to info.domain.com and then error 301 if someone goes to www.domain.com/aoa/info/ directly

# rewrite foo subdomain requests to foo subdirectory
rewriteCond %{HTTP_HOST} ^foo.example.com
rewriteCond %{REQUEST_URI} !^/foo/
rewriteRule (.*) /foo/$1 [L]
# Prevent direct client access to foo subdirectory
rewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /foo [NC]
rewriteRule ^foo(.+) [url]

View 5 Replies View Related

How To Configure Apache To Update Access Logs Files In Real Time

Jul 19, 2014

I'm trying to configure an custom access_log file for an custom file called "extra.php"

How I can make an log file that's log only "extra.php" ....

View 1 Replies View Related

Apache Rewrite ==> Lighttpd Rewrite

Jul 24, 2008

I dowload a scripts with a .htaccess file

DirectoryIndex index.php
RewriteEngine On
RewriteRule ^link/([0-9]+)[/]*$ /redirect.php?id=$1
RewriteRule ^link/([a-zA-Z0-9]+)[/]*$ /redirect.php?tag=$1

I want to convert it to lighttpd rewrite rules, urgent, also I can't contact with the scripts author,

View 0 Replies View Related

Blocking Direct Access To A Server Side Script

Aug 14, 2007

This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.

how I can block direct access to my scripts?

View 0 Replies View Related

Plesk 11.x / Linux :: Can't Access PhpMyAdmin From Direct Link

Jan 3, 2015

Plesk: 12.0.18
phpMyAdmin: 4.2.5

When I try to access phpMyAdmin directly from the link: [URL] ....

I get the following error:

Welcome to phpMyAdmin

You probably did not create a configuration file. You might want to use the setup script to create one.


MySQL said: Documentation
Cannot connect: invalid settings.
Retry to connectClick to expand...

View 3 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved