I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain.
Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &
& --> &
< --> <
> --> >
" --> "
' --> '
I need two rules in apache to work
RewriteRule ^([^/]*).html$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*).html$ index.php?pnumber=$1&page=$2 [L]
First one rule does work and /index.php?page=something redirect to /something.html
Second rule does not work /index.php?pnumber=1&page=something need to be /1/something.html
But when make this link i got 404 error the request url not found.
Where is error, an how i can make to second rule work too?
I just installed httpd-2.4.10-win32 and I can't make mod_rewrite to work :
What I'd want is a proxy to receive a print.xxxx.com/appl uri and forwards to appl.serveur.xxxx.com:8080/streammaster
I do
RewriteCond %{HTTP_HOST} print.xxxx.com
RewriteRule /appl/ http://appl.serveur.xxxx.com:8080/streammaster [P]
and I get a redirect : 192.168.250.50 - - [28/Oct/2014:14:55:19 +0100] "GET /appl/ HTTP/1.1" 302 - mod_proxy is loaded and works of course.
I've tried lot of variations (it works the same in a virtual host without rewritecond) to no avail.
I am new to wordpress; I want a url rewrite rule for my htaccess. I want when a user visits www.domain.com/services/manu/ the url on the address bar should be www.domain.com/services/. I don't want a permanent redirect.
View 2 Replies View RelatedI'm trying to change url structure so instead of /default/category/product.html it would show /category/product.html
With this line I've managed to do it on my personal blog
RedirectMatch 301 /default/(.*) //$1
But when I've implemented it on a customers Magento site it started showing double slashes like this //category/product.html and the whole template just collapsed .
It should be a straight forward change. [URL] .... does not redirect to [URL]...... It simply tries to load /denver-cars/ and denver-cars is in the URL. Am I missing something here? I have tried moving it up and down the list of rules and have tried numerous types of flags to no avail. Everything else in the htacess works fine with out the line:
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]
Here is my htaccess:
Options +FollowSymlinks
RewriteEngine on
RewriteBase /
# Force www
# Redirect google index dir's to new dir
RewriteRule ^/(.*)-cars/ /newcars-in-$1/ [NC,R=301,L]
[code]....
This is the mod_rewrite rule I'm trying to create. I am very new to Apache admin. Here's the issue:
I have 3 vhosts running on my HTTPD Apache 2.2.24 server: Server1, Server2, Server3. Each vhost is connected to a Weblogic application server. We are trying to prevent access to the Example.portal page on each application server.
So the URLs I'm trying to rewrite are:
- Server1.domain.com/PortalWeb/Example.portal
- Server2.domain.com/PortalWeb/Example.portal
- Server3.domain.com/PortalWeb/Example.portal
So, I would like to redirect the above URLs back to the 'root' of the website. ie: server1.domain.com. Here is my rewrite rule:
RewriteRule ^(.*)/Example.portal$ http://$1 [NC]
So, the rule is matching correctly to URLs that contain Example.portal, however the back reference from (.*) does not seem to map to $1.
I'm using .htaccess to show existing images instead of images which does not exist.
RewriteBase /images/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)_(.*)1200x900.jpg$ esittely_$21200x900.jpg
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
RewriteRule liiga670x10.jpg esittely670x10.jpg [L]
Everyting works fine if an image does not exist.
But if an image does exist, the second RewriteRule
RewriteRule liiga1200x10.jpg esittely1200x10.jpg
will be used.
Why is that so? How could I modify my code to prevent that?Â
in wordpress is wp-includes folder, i dont want anyone just execute file from this directory so it just serve wordpress not any malicious file be executed from there,
so i added this rule into /wp-includes/.htaccess:
RewriteRule ^(wp-includes)/.*$ ./ [NC,R=301,L]
I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]
For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?
I have few subdomains pointing to a directory (using dedicated ip an A record)
I need the following rewrite rules:
[url]--> [url]
[url]--> [url]
[url]--> [url]
How can I do this?
I have to write Rewrite rule at .htaccess file
[url]
goes to
[url]
How to rewrite a url for example. I purchased ssl for example.com and when i take [url], it gives ssl domain mismatch error.
ie i want to rewrite
[url]
How do I go about converting the follow .htaccess file
Code:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} /blogs/(clientscript|images)/
RewriteRule ^(.*)$ $1 [L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/comment-([0-9] ).html blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3&c=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/feed/ blogs/syndication.php?entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([-a-z0-9] )-([0-9] )/ blogs/viewblog.php?username=$1&entrytitle=$2&entry=$3 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/category/([-a-z0-9] ).html blogs/viewblog.php?username=$1&categorydata=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/ blogs/viewblog.php?username=$1&month=$3&year=$2 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/([0-9]{4})/([0-9]{1,2})/([0-9]{1,2}).html blogs/viewblog.php?username=$1&month=$3&year=$2&day=$4 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/archive.html blogs/viewblog.php?username=$1&displaymode=archive [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/feed/ blogs/syndication.php?username=$1 [QSA,L]
RewriteRule ^blogs/([-a-z0-9] )/ blogs/viewblog.php?username=$1 [QSA,L]
to work with lighthttpds rules?
I dowload a scripts with a .htaccess file
Code:
DirectoryIndex index.php
RewriteEngine On
RewriteRule ^link/([0-9]+)[/]*$ /redirect.php?id=$1
RewriteRule ^link/([a-zA-Z0-9]+)[/]*$ /redirect.php?tag=$1
I want to convert it to lighttpd rewrite rules, urgent, also I can't contact with the scripts author,
I have page like that : [URL] ....
I want to permanent redirect it to : [URL] ....
Also needs to redirect all another page have words ( rates ) to index.
any good rule to limit Apache (port 80) connections from 1 IP to 15 with iptables/csf?
And total connections to the box to 100?
I have a number of WordPress, Drupal, Wiki sites running under RHEL6.
Apache version:httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Aug 2 2013 08:02:18
We are subject to internal scans by Appscan and Tenable. It is a security requirement so I cannot just block them.
The scanners, of course, attempt to recurse the directory structure and find vulnerable files such as boot.ini, winnt.com and such.
This drives the php content management systems nuts.
Request comes in and is handled by php.
PHP checks the cache for that name and does not find it.
PHP generates a MySQL query and sends it.
MySQL tries and fails to satisfy the query.
MySQL returns result to php.
PHP Writes a cached of the result and presents it to the web.
In other words, a whole lot of processor/memory.
The security scans typically look like......
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:35:15 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET //../../../../../../../../../../../../etc/passwd HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................windowswin.ini HTTP/1.1
[Thu Aug 29 00:32:26 2013] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET ....................winntwin.ini HTTP/1.1
I have been able to improve performance, speed and security by mod_rewrite
RewriteRule .*.(dll|ini|exe|com)$ - [R=404,NC]
Now (Finally) the question.
I have not been able to create a rule for the directory recursion.
I want to R=404 any that has a "../.." or "...." or ...." but I can not get it to recognize the string correctly.
I believe that this would improve speed and security.
I am new to apache, and really terrible with regular expressions.
How to craft an htaccess rule that looks a the URL of the page you are visiting, and redirects HTTPS to the same URL in HTTP if the URL contains a certain text string (in the case the word "products")...
how can i url rewrite, i tried to myself but failed miserably!.host.com/movie.php?id=123, 123 being any number!to: host.com/movie/123
View 3 Replies View RelatedI have all my specify modules are loaded in pache like mod_rewrite in other face I have a script need require mod_rewrite in install steps but I have in testing : Apache Mod-Rewrite Unavailable
but when I run httpd -l I get this list
PHP Code:
[root@server ~]# httpd -lCompiled in modules: core.c prefork.c http_core.c mod_so.c[root@server ~]#
With this whole no-www thing going on. I've decided to have a look at whether I can do this for my domains.
Instead of writing a
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.domain.com$ [NC]
RewriteRule ^(.*)$ h77p://domain.com/$1 [R=301,L]
for every single domain I'd like to do this for across all domains as standard. I'm not too hot on rewrite rules and have in the past avoided them cos of the complexities. But I'd like to get this done, and no silently do it, but reflect the URL difference in the webbrowsers address bar too.
I'm trying to rewrite the following URL, and the rewrite seems to work, but doesn't forward to the rewritten page.
From: domain.com/index.php?random
To: domain.com/random
RewriteRule ^random$ /index.php?random [L]
I have been trying to figure out how to do a url rewrite but no luck so far.
How can I have this [URL] ....
as the default [URL] ....
On my website at www.jamescobban.net I have a directory which contains an ancient copy of my old static implementation of the site. It is there just in case someone has saved a old URL. However the data in that directory is several years out of date, so I would like to redirect the old static URLs to the equivalent dynamic URLs. For example: URLs.....
I wasn't warned that the <Directory> in the Apache conf file has to specify AllowOverride All whereas the default that is created when I install Ubuntu is AllowOverride None.I wasn't warned that I have to enable the mod_rewrite using a2enmod or else the rewrite commands are rejected.I am testing this on my private copy of the web-site where I can fiddle with options like that in the config file, but when I migrate this to my public server I do not have that privilege, so I want to try setting up the URL rewriting in .htaccess.
I would like to write a rewrite rule that does the following:
RewriteEngine On
Redirect 301 URL...
So what I want is that the first url is rewritten to go to the second ..I have a whole bunch of links that I have to redirect, so I would like to place them all into one .htaccess file or into the default configuration file of apache. So what I do not want is to create SomeFolder1 and someOtherFolder2 and to place a .htaccess file into that place in order to make it work. In fact I want to ignore the folders of the old link and only use the pagename.
I'm running Apache 2.4.4 Win32 on a Windows 2008 server. When trying to optimize a website I noticed a random reoccurring 2550ms delay in Time To First Byte. A file could have a TTFB of 200ms several times but suddenly it would get 2750ms. This could be a static file (image, html, js) or php. I've measured using ApacheBench (locally and remotely), webpagetest.org and bytecheck.com. After much trial and error I found the problem was with mod_rewrite. Disabling this and everything is fine.
I have setup a blank/new install with only basic config change (Listen, ServerRoot etc) to replicate result without anything else interfering. Following is the rewrite section I add to config.
Code:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule (^/Pictures.*) /$1 [L]
</IfModule>
After Apache has started I execute "ab http://my.example.com/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg" and always get the delay. If I execute again it's normal. If I wait at least 30 seconds I get the delay. Following is a section from error.log with trace8 logging.
Code:
[Tue Mar 12 23:28:56.123519 2013] [rewrite:trace3] [pid 7624:tid 888] mod_rewrite.c(468): [client 69.x.y.90:36279] 69.x.y.90 - - [my.example.com/sid#42c748][rid#26df0d0/initial] applying pattern '(^/Pictures.*)' to uri '/Pictures/Thumbnails/tmb_400X400_FFFFFF_660.jpg'
[Code] ....
As you see from line 3 to line 4 the time skips 2550ms. When the TTFB is normal then the log is identical except time doesn't change from line 3 to line 4. If I delete the rewrite section in config then TTFB is always normal, no matter what.
When I testet on the live server the time for fully loaded increase from 3800-4000ms to 8500-10500ms when mod_rewrite is enabled. And that is about 30 requests (php+css+js+images). So the impact is significant.
What can this be? I'm having a hard time believing it's a bug. Isn't mod_rewrite used a lot? I'm running Ubuntu (linux) at home, I'm going to install Apache there and see if I get the same result.
In my web site I have several index pages in different languages in the following format
[URL] ....
Two days ago I noticed increased, many times. Google bot activity on my site and when I checked my log file I found that all pages crawled were wrong web addresses: to the above index were added existing files from my site like
/folder1/folder2/file.html
So, the strings looked like
[URL] ....
And surprisingly all they returned code "200".
My question is: is there any way to rewrite such requests to the first ".html" found in the string.
I am trying to capture 3-4 digits when sent as part of a URL, for them to be proxied to another URL. I have no control over how the source sends this data, I am supposed to redirect it. Which works.
#RewriteCond %{HTTP:whoisd-ussd-message} ([d]{2,4})
#RewriteRule ^/original/individual.do(.*)$ https://other.server.com/somewhere/011$1 [P]
The problem is this works for all URLs that have digits to this server. I am expecting to trap URLs that send digits as part of the first call to the server, but this also affects URL calls that are part of other server call transactions, once digits appear, it gets redirected. What can I do to stop this interference?
after I install my apache 2.4 on my notebook, I install it using PHP and it's successful, but when I use .htaccess
View 2 Replies View Related