Openlitespeed password protected realm and rewriting rules - .htaccess

I am working with openlitespeed and have for my php application a virtual location "/backend/" which I like to have password protected. I also using "rewrite" rules at the root context so the requests get routed to my "/index.php". I noticed when I have a root context "/" with rewrite rules the "Realm" protected context "/backend/" get ignored, regardless which order I have specified in in my virtual host. Any luck to get this working?
context "Static" with URI "/" and rewriting rules
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php
context "Static" with URI "/backend" with "realm" and inherited rewriting rules
realm get ignored
it works if the directory "backend" on the file system exists, but then my rewriting will not work
context "LiteSpeed SAPI" with "backend" and "realm" but is not asking for the password.
I tried to switch the contexts in other order, but the effect is still the same. And yes I have restarted litespeed after the changes.

Related

Htaccess redirect for single page not working

My .htaccess file has redirect and rewrite code. It all works fine except for one page. I need to redirect https://example.com/shopping/ceylon-cinnamon-c-62.html and http://example.com/shopping/index.php?cPath=62 to https://example.com/ceylon-cinnamon-c-2_19.html I have tried the four lines under the NONE OF THESE WORK below (one at a time) but the redirect never works. The result url is https://example.com/c-62.html. Can anyone point out the problem or how to test it?
Options +FollowSymLinks -Indexes
RewriteEngine On
RewriteBase /
# NONE OF THESE WORK
Redirect 301 /shopping/ceylon-cinnamon-c-62.html https://example.com/index.php?cPath=2_19
Redirect 301 /shopping/index.php?cPath=62 https://example.com/index.php?cPath=2_19
RewriteRule ^(.*?)shopping/ceylon-cinnamon-c-62.html$ https://example.com/index.php?cPath=2_19 [R=301,L,NC]
RewriteRule ^(.*?)shopping/index.php?cPath=62$ https://example.com/index.php?cPath=2_19 [R=301,L,NC]
# THESE ALL WORK
RewriteRule ^shopping/(.*)$ /$1 [R=301,NC,L]
#redirect index.php to root
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https://example.com/ [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
RewriteRule ^(.*)-c-(.*).html$ index.php?cPath=$2&%{QUERY_STRING}
Your question is a bit vague... The example rules you give ("NONE OF THESE WORK") have little to do with what you ask in your question. And the claimed result of the rewriting attempts certainly is not what your attempts implement. So either your description is incorrect (written from memory maybe?) or you have some other factor in place which you do not tell us about (some application logic maybe that implements its own redirection?)...
Anyway, here are the simple rules to implement the exact redirection you ask about, independent of any other stuff:
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)cPath=62(?:&|$)
RewriteRule ^/?shopping/index\.php$ /ceylon-cinnamon-c-2_19.html [R=301]
RewriteRule ^/?shopping/ceylon-cinnamon-c-62\.html$ /ceylon-cinnamon-c-2_19.html [R=301]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
That said: when testing make tripple sure that you are not looking at cached results. Always use a fresh anonymouse browser window when testing, make deep reloads , not just reloads and watch your browser networking console for the actual response you receive...
This implementation will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Rewriting .htaccess to remove sub-directory from URL

I want to mask a folder in URL, so instead of www.mysite.com /employers/university-of-worcester/profile.html there would be www.mysite.com /university-of-worcester/profile.html , meaning that sub-directory "employers" is hidden.
There will be many folders created inside "employers" folder.
This is a matter of modifying .htaccess, I have tried a lot of solutions that I have found on stack.
The latest line of code I tried to add is:
RewriteRule ^employers/(.*)$ /$1 [L]
My .htaccess looks like this now:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteRule ^employers/(.*)$ /$1 [L]
</IfModule>
If I go to URL www.mysite.com/employers/ this will redirect to www.mysite.com/ (the homepage), which I am happy about, but if I try www.mysite.com/university-of-worcester/profile.html I get "The page can’t be found.", but the home profile.html is definitly inside "university-of-worcester" folder.
I am using wordpress.
This probably is what you are looking for:
RewriteEngine on
RewriteRule ^/employers/?(.*)$ /$1 [R=301,QSA]
RewriteCond %{REQUEST_URI} !^/employers/
RewriteRule ^/?(.*)$ /employers/$1 [END,QSA]
This will redirect direct requests to that folder and internally rewrite requests to that folder.
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

htaccess: add php extension, except when there is a trailing slash

I understand that to hide a website extension, I can use the following regular expression in htaccess.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
This will rewrite, e.g., example.com\post to example.com\post.php.
However, how do I modify the script such that it DOES NOT add .php when there is a trailing slash at the end? This is so that it will recognise the index page.
Currently, if I have example.com\folder\, it will rewrite it as example.com\folder\.php.
Thanks.
Instead of explicitly checking for a trailing slash the usual approach is to check if the request actually references a directory in the server side file system. That can be implemented like this, which also checks if such a php file actually does exist:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^/?(.+)/?$ /$1.php [END]
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).
Use another RewriteCond to check the URI for a trailing slash:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(/$|\.)
RewriteRule ^([^\.]+)$ $1.php [NC,L]
You can find a working example of this here:
https://htaccess.madewithlove.be?share=d1fa1042-e671-5b7d-ba96-572510689e8b

htaccess links with query strings not opening on pc,

my htaccess file looks like this:
DirectoryIndex index.php
RewriteEngine On
RewriteBase /
RewriteRule ^sitemap.php$ sitemap.xml [L]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|robots\.txt)
RewriteRule ^(.*)$ /index.php?/$1 [L]
I want my links look like:
https://kaznews.kz/news/477800
as they are at the time,
but when I have QUERY STRING they not opening links like: https://kaznews.kz/news/477800?google
I want either delete the ?mark and the query, or add them at the end but show the correct page.
RewriteRule ^(.*)$ /index.php?/$1 [r=301,L,QSA]
this is not suitable for me because it gives me
such result: https://kaznews.kz/index.php?/news/477800&google with index.php inside, but there will be duplicate links then.
Well, looks like that is roughly what you are looking for:
RewriteRule ^/?news/(\d+)/(.+)$ /news/$1?$2 [END,QSD]
That rule will internally rewrite requests to /news/477800/google to /news/477800?google.
Update:
From your comments below we learned that what you actually appear to ask is how you can remove, so ignore any query arguments specified in the request. Though this is a questionable thing to do (as reasoned in the comments) here is a rule to achieve that:
RewriteRule ^/?news/(\d+)$ /news/$1 [END,QSD]
General:
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

.htaccess permanent redirect with query string

I want to have a permanent redirect where whoever visits the old url is automatically sent to the new one:
From: https://example.io/users?username=value
To: https://example.io/value
The new URL already works, but I just need the redirect. I already have this code:
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ users.php?username=$1 [QSA,L]
I'd say this should roughly be what your question asks for:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^username=(.+)$
RewriteRule ^/?users\.php/?$ /%1 [R=301]
Those lines should work likewise in the http servers host configuration or in dynamic configuration files (".htaccess").
It redirects all incoming requests to the old URL "/users.php?username=value. I fail to see how the code you posted should help here, which is why I wrote above rules from scratch instead of modifying yours.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Resources