in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:
I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.
So the URLs I'm trying to rewrite are:
- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal
So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:
RewriteRule ^(.*)/Example.portal$ http://$1 [NC]
So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.
Ok, here's the deal. I am about to start a site to allow users to log into a password protected area and then, based on each individual user, they will be given access to a .pdf file which contains pricing and rate information that is specific to the particular user.
What is the best way for me to secure the location so that a person could not go to - for instance - www.site.com/docs/xxx.pdf and view someone else's file?
I am using a Win Server 2003/IIS 6 environment. The site will be written in php, and will have a SQL Server 2000 backend to store the userid/pwd combinations, and the name of the particular user's file. I know to make it where the contents of the directory can't be listed, but I need to make sure a person could not quess the filename of another users .pdf and be able to view it.
I need two rules in apache to work
RewriteRule ^([^/]*).html$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*).html$ index.php?pnumber=$1&page=$2 [L]
First one rule does work and /index.php?page=something redirect to /something.html
Second rule does not work /index.php?pnumber=1&page=something need to be /1/something.html
But when make this link i got 404 error the request url not found.
Where is error, an how i can make to second rule work too?
I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain.
Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &
& --> &
< --> <
> --> >
" --> "
' --> '
I just installed httpd-2.4.10-win32 and I can't make mod_rewrite to work :
What I'd want is a proxy to receive a print.xxxx.com/appl uri and forwards to appl.serveur.xxxx.com:8080/streammaster
I do
RewriteCond %{HTTP_HOST} print.xxxx.com
RewriteRule /appl/ http://appl.serveur.xxxx.com:8080/streammaster [P]
and I get a redirect : 192.168.250.50 - - [28/Oct/2014:14:55:19 +0100] "GET /appl/ HTTP/1.1" 302 - mod_proxy is loaded and works of course.
I've tried lot of variations (it works the same in a virtual host without rewritecond) to no avail.
I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits www.domain.com/services/manu/ the url on the address bar should be www.domain.com/services/. I don't want a permanent redirect.
View 2 Replies View RelatedI'm trying to change url structure so instead of /default/category/product.html it would show /category/product.html
With this line I've managed to do it on my personal blog
RedirectMatch 301 /default/(.*) //$1
But when I've implemented it on a customers Magento site it started showing double slashes like this //category/product.html and the whole template just collapsed .
I have recently switched from Ubuntu to Mint because I would like to enjoy out of the box functionality. I installed Apache, PHP and Mysql. When I go to localhost, the page displays correctly indicating that the server is functioning. In /var/www/html I created devPages. In devPages I created a symlink to a directory in my home directory where I keep all of my html/php files.
When I point my browser to http://localhost/devPages/1/ I get "You don't have permission to access /devPages/1/ on this server". This appears to be a permissions/ownership issue. I don't want to change the permissions for the directory or files in the home directory because they are set to work properly on my production server. Is there a way to get apache to accept files in my home directory?
I have set owner and group for devPages and the symlink to www-data. Set permissions to 755 for devPages.
By the way, under Ubuntu, I have always used a symlink and it always worked without any issues.
It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]
Here is my htaccess:
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
# Force www
# Redirect google index dir's to new dir
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]
[code]....
I'm using .htaccess to show existing images instead of images which does not exist.
RewriteBase /images/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)_(.*)1200x900.jpg$ esittely_$21200x900.jpg
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
RewriteRule liiga670x10.jpg esittely670x10.jpg [L]
Everyting works fine if an image does not exist.
But if an image does exist, the second RewriteRule
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
will be used.
Why is that so? How could I modify my code to prevent that?
I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]
For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?
I have a number of WordPress, Drupal, Wiki sites running under RHEL6.
Apache version:httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18
We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.
The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.
This drives the php content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP Writes a cached of the result and presents it to the web.
In other words, a whole lot of processor/memory.
The security scans typically look like......
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1
I have been able to improve performance, speed and security by mod_rewrite
RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]
Now (Finally) the question.
I have not been able to create a rule for the directory recursion.
I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.
I believe that this would improve speed and security.
I would like to write a rewrite rule that does the following:
RewriteEngine On
Redirect 301 URL...
So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.
Why my rules don't work as I want?
I want to make hidden rewrite from url like host.sk/dir/dir2
I have recently had number of websites that link directly to images from my website. This is not hotlinking, it is direct server request. As an example: on the linking website there is image gallery script with thumbnails and when the visitor clicks on the thumb it calls the image from my website.
I block their IP-s in .htaccess, but it is not the best way to stop them since IP change. Is there any way, similar to anti-hotlinking, to deny such direct access to my images by domain name i.e. to allow only from my website and deny from all others. Or something else that could work in my case with .htaccess.
I have few subdomains pointing to a directory (using dedicated ip an A record)
I need the following rewrite rules:
[url]--> [url]
[url]--> [url]
[url]--> [url]
How can I do this?
I have to write Rewrite rule at .htaccess file
[url]
goes to
[url]
How to rewrite a url for example. I purchased ssl for example.com and when i take [url], it gives ssl domain mismatch error.
ie i want to rewrite
[url]
I am a beginner in Apache Web server, whether it is possible to make some rewrite function ( or something similar ) to add some text on url from access ?
For example URL....
I need some function in httpd.conf where in SetHandler server-status ( URL... ) can see users who are connected like /testurl username=someusername:somepassword ?
I did link http://someusername:somepassword@domen.com/testurl?username=someusername:somepassword but some users delete from ?username=someusername:somepassword from link and I have a problem to monitoring that lines !
I'm trying to set up a multi-tenant web application across multiple servers and would like to provide ssl for those tenants
I know this is possible to dynamically assign ssl using mod_rewrite, but I'm worried about speed.
Does apache cache the ssl cert file(s) when using mod_rewrite, or does apache lookup the ssl file every handshake / session?
How ssl cert files work and if using mod_rewrite is a worthy approach if connection speed is important.
Does anyone know the mod rewrite code to direct to www. and https?
View 3 Replies View RelatedHow do I go about converting the follow .htaccess file
Code:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} /blogs/(clientscript|images)/
RewriteRule ^(.*)$ $1 [L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/comment-([0-9] ).html blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3&c=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/feed/ blogs/syndication.php?entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/ blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/category/([-a-z0-9] ).html blogs/viewblog.php?username=$1&categorydata=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/ blogs/viewblog.php?username=$1&month=$3&year=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2}).html blogs/viewblog.php?username=$1&month=$3&year=$2&day=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/archive.html blogs/viewblog.php?username=$1&displaymode=archive [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/feed/ blogs/syndication.php?username=$1 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/ blogs/viewblog.php?username=$1 [QSA,L]
to work with lighthttpds rules?
I'm new to Apache. I'm using a version 2.4 for Windows 7. It didn't come in as an .msi so I had to configure the appropriate web-server name via the httpd text document.
Each time I go to http://localhost, I am present with a page with the content "It works." I tried adding a different .html file into the directory to see if I could access that also, but I was not able to navigate to it via the address bar. So I edited the content of index.html from 'It works!' to "It works?!!!" but sadly, the actual page is still showing 'It works!' for its content (Rather ironic, huh?).
So, for whatever reason, the actual 'localhost' page isn't updating or even noticing any of my edits in what I presume to be the correct directory.
Here's my httpd document for referenc [URL] ....
When a user enters the whole url to a file on the webserver he/she can view this file. I want to prevent this and only allow access to the files from within the application (under apache). How can I do that? I already tried:
<Directory /var/www/html/folder/files>
order deny,allow
allow from localhost
</Directory>
This works BUT the file also isn't viewable from within the application anymore.
In web application we are facing high vulnerability issue based on the session validation.
We can download the files from the server whenever we are passing the link even without login. The links are directly hit into the server and download the files any type of files extension such as .txt, .xml, .zip and so on.
Need the solution for this issue: How will we resolve the issue using validate the session in apache side?
Scenario as below:
When user manually passing the request if user logged they should access the files
When user manually passing the request if user is not login they shouldn't access the files
Here both the scenarios they can access the files but we want to restrict when the request is coming to apache without login.
EX: [URL] ....
When i tried above link I can able to view the file in browser. Even able to download all different fies extension which are having in the under tomcat webapps dir.
How we can restrict this in apache code or any other files in apache side or is there any way to validate the request is logged one or not?.
i'd like to use a code similar to the one below, to rewrite a sub directory to a subdomain. www.domain.com/aoa/info/ to info.domain.com and then error 301 if someone goes to www.domain.com/aoa/info/ directly
# rewrite foo subdomain requests to foo subdirectory
rewriteCond %{HTTP_HOST} ^foo.example.com
rewriteCond %{REQUEST_URI} !^/foo/
rewriteRule (.*) /foo/$1 [L]
#
# Prevent direct client access to foo subdirectory
rewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /foo [NC]
rewriteRule ^foo(.+) [url]
I'm trying to configure an custom access_log file for an custom file called "extra.php"
How I can make an log file that's log only "extra.php" ....
I dowload a scripts with a .htaccess file
Code:
DirectoryIndex index.php
RewriteEngine On
RewriteRule ^link/([0-9]+)[/]*$ /redirect.php?id=$1
RewriteRule ^link/([a-zA-Z0-9]+)[/]*$ /redirect.php?tag=$1
I want to convert it to lighttpd rewrite rules, urgent, also I can't contact with the scripts author,
This topic has probably been covered many times. I am trying to block spam bots from direclty accessing scripts on my site. Measures I have taken thus far, also block my site pages that want are designed to use the scripts. This includes Hot Link Protection and a couple of directives in the .htaccess file.
how I can block direct access to my scripts?
Plesk: 12.0.18
phpMyAdmin: 4.2.5
When I try to access phpMyAdmin directly from the link: [URL] ....
I get the following error:
Welcome to phpMyAdmin
You probably did not create a configuration file. You might want to use the setup script to create one.
Error
MySQL said: Documentation
Cannot connect: invalid settings.
Retry to connectClick to expand...