In Hotlink Protection not working with .htaccess the problem of preventing hotlinking by means of .htaccess directives was discussed, but the answers there do not provide a solution for my problem.
This is my problem:
In https://janis-joplin.servidor-alicante.com/ I have the following .htaccess:
DirectoryIndex index.php index.html index.htm
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://janis-joplin.servidor-alicante.com [NC]
RewriteCond %{HTTP_REFERER} !^https://janis-joplin.servidor-alicante.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?google.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?twitter.com [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf)$ https://janis-joplin.servidor-alicante.com/_res/janis.jpg [NC,R,L]
RewriteRule ^ads.txt$ ads_tm.php [L]
RewriteRule ^janis-joplin/(.*) /$1 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) - [PT,L]
RewriteRule ^(.+) index.php?url=$1
In https://jimi-hendrix.servidor-alicante.com/_dev/test.htm I have:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>test</title>
</head>
<body>
<img src="http://janis-joplin.servidor-alicante.com/_photos/wolman.gif">
<img src="https://janis-joplin.servidor-alicante.com/_photos/wolman.gif">
</body>
</html>
But in jimi-hendrix subdomain I can see the images in the janis-joplin subdomain.
What am I doing wrong? TIA
You need to check the network traffic - HTTP request headers (which you can do in the browser dev tools)... is the Referer header being sent in the request for those images? What is the Referer header set to?
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://janis-joplin.servidor-alicante.com [NC]
RewriteCond %{HTTP_REFERER} !^https://janis-joplin.servidor-alicante.com [NC]
The Referer header will not be sent (by default) in the first image request, since you are making an HTTP (insecure) request from an HTTPS (secure) page. Default browser behaviour suppresses the Referer header in this instance. You explicitly allow an empty Referer header (first condition above) in your "hotlinking" rule block so you would expect the first image to be displayed. (Realistically, you do need to allow an empty Referer header.)
It's not clear why the second image is displayed (assuming your .htaccess directives are being processed) without looking at the HTTP request headers (and knowing what HTTP Referrer-Policy is set on the referring page).
Related
I wanted to keep the redirect rule. but I don't want to have to add site by site so that they can display the image. how can i change this rule so that it can do this trick? thanks in advance. Any help is welcome :)
actual htaccess
<Files ~ "\.(jpg|jpeg|png|gif)$">
Order allow,deny
allow from all
</Files>
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)fbclid=
RewriteRule ^ / [L,R=permanent]
RewriteCond %{HTTP_REFERER} !^https://mysite,com [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://externalsite,com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://externalsite2,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://mysite,com.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://mysite,com [NC,R,L]
<IfModule mod_php4.c>
php_value engine off
</IfModule>
<IfModule mod_php5.c>
php_value engine off
</IfModule>
<Files ~ "\.((php[0-9]?)|p?html?|pl|sh|java|cpp|c|h|js|rc)$">
Order allow,deny
Deny from all
</Files>
RewriteCond %{HTTP_REFERER} !^https://mysite,com [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://externalsite,com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://externalsite2,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://mysite,com.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://mysite,com [NC,R,L]
I wanted to give full access to other sites to incorporate my content ... redirecting if you access the file directly at example.com/uploads/test.gif
If you simply want to block direct access (in which case the Referer header is empty) and allow all other sites to link to your images (basically the opposite of "hotlink protection") then you can replace the above rule (that redirects such requests to the root) with the following:
RewriteCond %{HTTP_REFERER} ^$
RewriteRule \.(jpg|jpeg|png|gif)$ https://example.com/ [NC,R,L]
This redirects all direct requests to the root / home page.
(You had erroneous commas , in your original directives that would have prevented this from working?!)
HOWEVER, basing this redirect on the HTTP Referer is unreliable - you will get false positives. The Referer is sent by the browser - so the user can control (and suppress) what is sent. The website that is linking to you can also set a referrer-policy that suppresses the HTTP Referer being sent - so all requests from some sites might look like direct requests anyway and end up being blocked. There is no way around this.
Where my site is hosted, I'm using .htaccess and it has a condition to remove the www and direct to the main page without the www.
<ifModule mod_rewrite.c>
Header set X-Frame-Options DENY
RewriteEngine On
# Required to allow direct-linking of pages so they can be processed by Angular
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !index
RewriteRule (.*) index.html [L]
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule (.*) http://meusite.com.br [R=301,L]
</ifModule>
The problem is this, when someone accesses an internal page with www, it falls for this check and is directed to the home, example:
If someone accesses the link: http://www.meusite.com.br/conteudo/94-vai-criar-um-site-to-your-employee-said-you-can-noble
It will direct to http://meusite.com under the condition.
What I need, is that it is directed to the following link: http://meusite.com/content/94-vai-create-a-site-to-your-employee-behavior-which-cannot-can- -fine only by removing the www from the link.
Does anyone know if this check is possible in .htaccess?
EDIT:
.htaccess is not able to translate your titles from portugese to english.
You should do redirection to normal domain with full link, and then do internal redirection with your backend (i.e. php, ruby) to proper translated link.
Use following code before your redirection, so links with conteudo will be catched here and redirected properly using backreferences:
RewriteCond %{HTTP_HOST} ^www\..* [NC]
RewriteRule ^\/conteudo\/(.*)$ http://menusite.com.br/content/$1 [R=301,L]
Soluction:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
Here is the scenario:
There is a website named "example.com" and a folder named "mobile" for accessing website via mobile or tab
If a user types just "example.com" in browser they should be redirected to https://www.example.com which is working as per the below code in .htaccess:
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com" [R=301,L]
Alternatively, if a user is accessing the url https://www.example.com from mobile then it should be redirected to https://mobile.example.com
Now, whenever I am accessing the url https://www.example.com from mobile
it redirects the browser to https://mobile.example.com but again as per the code in .htaccess it considers this specific part of url "example.com" and redirects browser back to https://www.example.com and this way it finally ends up in infinite loop generating error:
"Fetching the page exceeded the maximum of 10 redirects."
I tried putting something like this in .htaccess file so as to not redirect to https://www.example.com in case there is a "mobile" word as prefix but it is not working
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^mobile/ - [L]
RewriteRule ^/?$ "https\:\/\/www\.example\.com" [R=301,L]
Please advise.
This is how the .htaccess file constructed
RewriteEngine on
RewriteRule ^mobile - [L]
RewriteCond %{HTTP_HOST} ^example\.com$
RewriteRule ^/?$ "https\:\/\/www\.example\.com" [R=301,L]
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{www.example.com}/$1 [R,L]
##DISABLE VIEWING DIRECTORIES##
Options -Indexes
##DISABLE VIEWING DIRECTORIES##
##DISABLE VIEWING DIRECTORIES FILES##
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC]
RewriteRule .*\.(png|gif)$ - [F,NC]
##DISABLE VIEWING DIRECTORIES FILES##
##DISABLE VIEWING admin DIRECTORY FILES##
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com/.*$ [NC]
RewriteRule ^admin/.+\.php$ - [F,L]
##DISABLE VIEWING admin DIRECTORY FILES##
Redirection code from header.php
<script type="text/javascript">
if (screen.width <= 699) {
document.location = "https://mobile.example.com";
}
</script>
You are not using the RewriteCond correctly. If you want to skip url rewriting when uri is /mobile/ and redirect example.com to https://www.example.com you can use the following
#Skip url rewriting if requested uri is /mobile
RewriteRule ^mobile - [L]
#redirect example.com/ to http://www.example.com/
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^/?$ https://www.example.com/ [L,R]
/ is not a special char in mod-rewrite , you dont need to escape it.
I have Some issue in .htaccess file.I have hosted my index page to webserver. I don't know what I did wrong in the .htaccess file.After adding code in .htaccess file still my url is not friendly.It is showing http://rang.comli.com/servicecnt It should be http://rang.comli.com/servicecnt/service_id/5
<html>
<head>
<title>Second mod_rewrite example</title>
</head>
<body>
<p>
welcome index page. Index page is loaded
Done with php my admin
</p>
</body>
</html>
Here is my .htaccess file:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
## hide .php extension
# To externally redirect /public_html/index.php to /dir/index
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R,L,NC]
## To internally redirect /public_html/index to /dir/index.php
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [L]
RewriteEngine On
RewriteCond %{QUERY_STRING} ^service_id=([0-9]*)$
RewriteRule ^servicecnt\.php$ /servicecnt.php/%1? [R=302,L]
You can use:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{THE_REQUEST} \s/+servicecnt\.php\?service_id=([^\s&]+) [NC]
RewriteRule ^ servicecnt/service_id/%1? [R=302,L]
## hide .php extension
# To externally redirect /public_html/index.php to /dir/index
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s([^.]+)\.php [NC]
RewriteRule ^ %1 [R,L]
RewriteRule ^servicecnt/service_id/(\d+)/?$ servicecnt.php?service_id=$1 [QSA,L]
## To internally redirect /public_html/index to /dir/index.php
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [L]
Your best option is not to redirect the old url, but to let php generate the pretty url in the first place. Every time an user clicks on your link, the server needs to redirect the user, which is very inefficient. If the user would click the new url instead, you only have to internally rewrite it. You can use the following rule to rewrite it back:
RewriteRule ^servicecnt/service_id/([^/]+)/?$ servicecnt.php?service_id=$1 [L]
Problems:
1) Need ALL urls to always redirect to non-www
2) domain.com needs to automatically redirect to sub.domain.com
Based on other articles here, I've tried:
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(sub\.domain\.com)$ [NC]
RewriteRule ^ http:://%1%{REQUEST_URI} [R=301,L]
[had to insert an extra ":" for this to post]
Which "works", but then all of the links on my site 404.
Can you point out what I'm doing wrong?
Try this code :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^domain\.com$
RewriteRule ^(.*)$ http://sub.domain.com/$1 [R=301,L]
In the comment you provided on Jul. 26th, the rule
RewriteRule ^(.*)\.html$ $1.php [nc]
is used to rewrite all requests for html files to requests for php files. This is typically done for SEO, to make the pages appear as static html instead of dynamic php in situations where php is primarily used to reduce code duplication.
In these cases, it is typical that all the page files on the server exist only in php format, and not html format. Therefore, without this rule, all links to .html files will remain as requests to the server for .html files, which will result in many 404s.
I would suggest you simply insert this rule in your .htaccess block in the original question, at the end of your statements. They ought to play well together. The result for completeness:
Options +FollowSymLinks -MultiViews
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(sub\.domain\.com)$
RewriteRule ^http://%1%{REQUEST_URI} [R=301]
RewriteRule ^(.*)\.html$ $1.php [NC]
*My mistake, the flags [NC] and [OR] are definitely valid for RewriteCond statements.