I need help setting up .htaccess - .htaccess

I need to set up .htaccess. If the user clicks the "site.com/profile" link, I need to check if there is a "token" field in the user's cookies. If this field is not empty, I must let the user through, otherwise I redirect them to the "site.com/login" link.

You are probably looking for something like that:
RewriteEngine on
RewriteCond %{HTTP_COOKIE} !(^|;)?token=[^;]+(;|$)
RewriteRule ^ /login [R=302,L]
Obviously the rewriting module needs to be loaded into the http server. It generally is a good idea to implement such rule in the http server's host configuration. If you do not have access to that you can also use a distributed configuration file (often called ".htaccess"), but the consideration of such files needs to be enabled first and their usage comes with a number of disadvantages.

Related

htaccess - Transform get parameter value in a subdomain

In my web application, I currently have URLs like this:
https://example.com/mypage?company=companyname&otherparameter=othervalue&...
I would like to transform the above URL this way:
https://companyname.example.com/mypage?otherparameter=othervalue&...
so basically transforming the value of the GET parameter "company" into a subdomain while preserving the other GET parameters in the URL (and preserving, obviously, also the path of the file on the server).
I also need to exclude the "/api" directory from this rule (so all files under the "/api" subdirectory should be served as usual).
I know I need to use .htaccess but I can't find a way to get it to work. If someone's got a hint, that would be very helpful.
Thanks!
This will capture the "subdomain name" from any incoming request and add it as query parameter to the internally rewritten target:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(?:www\.)?example\.com$
RewriteCond %{HTTP_HOST} !^([^.]+)?example\.com$
RewriteCond %{REQUEST_URI} !^/api/?
RewriteRule ^ %{REQUEST_URI}?company=%1 [QSA,L]
This will take care of handling incoming requests. This does not somehow magically change references you hand out, so links embedded in HTML markup or javascript for example.
You need to make sure that your http server actually responds to requests to those "subdomain" based host names. A default virtual host is usually used for such thing. You also need to take care that the DNS resolution of such names works and points towards your http server. And finally you have to provide a valid SSL certificate for all those host names. A wildcard certificate is an option here, but unlike normal certificates that does not come free of charge.
It is a good idea to implement such general rules in the actual host configuration of your http server. You can use a distributed configuration file for this (".htaccess"), but that comes with a few disadvantages.

Rewrite URLs to subdomain using htaccess and wild card DNS

I want to change my website URL
http://domain.tk/site/google.com
To
google.com.domain.tk
I tried
RewriteEngine On
RewriteRule ^site/([^/]+)/?$ http://$1.domain.tk/ [NC,R=301,L]
it redirects to google.com.domain.tk and show the homepage content instead of the content in http://domain.tk/site/google.com
Example of what i want can be found on this website
The documentation I referred to in my comment to your question clearly states and demonstrates in examples that the order of arguments in a redirection rule is 1. matching pattern applied to the path component of the incoming request and 2. the target path or URL the request should internally get rewritten to. The rule you implemented does the opposite of what you ask: you implemented an external redirection to exactly that host name you want to rewrite from .
This example should get you going:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^google\.com\.domain\.tk$
RewriteRule ^ /site/google.com%{REQUEST_URI} [QSA]
For this to work the rewriting module has to be loaded into the http server, obviously and it has to be activated for the host. You should implement such rules in the actual host configuration inside your http server. If you do not have access to that (so if you are using a cheap hosting provider) then you can instead use a distributed configuration file (often named ".htaccess"), but that needs to be enabled in the host configuration first and it comes with a performance penalty.

Hiding some GET parameters from URL

I am redirecting page using PHP header location:
Current URL in browser
https://mywebsite/open/firstpage/php/start.php?&cnt=us&language=en&url=http://secureURL.com
but want to show
https://mywebsite/open/firstpage/php/start.php?&cnt=us&language=en
I am using GET method on the other side to collect all variables. I have to hide &url in querystring but want to receive it on other side $_GET['url']
How can I share my &url without showing in URL querystring? HOw can I write htaccess?
Redirect for all URLs
RewriteEngine on
RewriteRule ^(.*) $1?%{QUERY_STRING}&url=http://secureURL.com [L]
Redirect for only /open/firstpage/php/start.php
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/open/firstpage/php/start.php
RewriteRule ^(.*) $1?%{QUERY_STRING}&url=http://secureURL.com [L]
I think this is what you want.
You can't do that. If a parameter is not present in the query string, it won't be available anywhere, it's just not there. There's no such thing as "hiding" the query string.
You could, however, use some form of session mechanism to pass a piece of data from one page to another. You could put it in the $_SESSION, or use cookies. There may also be a way to achieve this through really arcane mod_rewrite magic, but you shouldn't go down that route. Really.
More importantly: what are you trying to achieve? Why are you trying to do this?
Aesthetic reasons? Then be aware that modern browsers tend to hide the query string part of the URI from the user.
Security reasons? Then you're doing it horribly wrong, you shouldn't use something so easily manipulated by the client.
User tracking? There are established solutions out there for that (say, Google Analytics).

Blocking direct access to an URL (not a file)

A drupal site is pushing International traffic over quota on my (Plesk 10.4) server, and it looks as though much of that of that (~250,000 visits/month) is direct access to the URL /user/register. We are already using the botcha module to filter out spambot registrations, but that approach is resulting in two full pages being served to each bot. And while Drupal
I'm thinking that a .htaccess rule which returns a 403 response to that URL unless the referer is from the site might be the way to go, but my .htaccess-fu is not strong, and I can only find examples for blocking hot-linking of images.
What do I need to add and where?
Thanks,
Richard
You'd be checking against the HTTP referer. It's not a guarantee way to block incoming traffic linked from a site other than yours, since the field can be easily forged. But you can try adding this to the htaccess file (above any rules that are already there):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?your-domain\com/ [NC]
RewriteRule ^user/register - [L,F]

SES url in coldfusion - No MVC

Got this url
http://localhost:8500/users.cfm?userid=John
that loads the user's profile by getting the users details from the db
WHERE userid = <cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#url.userid#">
How can the same profile be accessed like this:
http://localhost:8500/John
Instead of users having to type "users.cfm?userid=John", they simply type the user id of the person whom they want to view.
On CF9, IIS7
I may need to install http://www.iis.net/download/urlrewrite for the solution, please advice.
Appreciate your help.
Using URLRewrite, have the rewriter set the requested URL (e.g. /John) as a request header and forward it to a single .cfm file (i.e. a front controller). In the .cfm file (e.g. frontcontroller.cfm) read out the request header (i.e. GetHttpRequestData().headers) and process accordingly -> users.cfm?userid=john.
Off-hand, maybe you could use the OnRequest method in Application.cfc. That method allows you to filter requests and give them special processing.
http://www.bennadel.com/blog/805-ColdFusion-Application-cfc-OnRequest-Creates-A-Component-Mixin.htm
In your example, you could take "John", or any string, if it exists at the root, and
<cfinclude template="#application.baseHREF#/users.cfm?userid=#userID#" />
If you define baseHREF in OnApplicationStart.
If you decide to use a tool like ISAPI Rewrite (not free) which allows you to write Rewrite rules similar to those used in Apache, you'd add:
RewriteRule ^(.*)$ /users.cfm?userid=$1 [NC,L,QSA]
You can also add folders or other URLs to exclude from this rule with something like:
RewriteCond %{REQUEST_URI} !^(assets|images|xml|tasks) [NC]
RewriteRule ^_admin/(.*)$ /_admin/index.cfm/$1 [NC,L,QSA]
I would recommend using a rewrite rule over handling it in CFML to reduce the processing handled by the CF server.

Resources