How to restrict a domain on htaccess - .htaccess

The following rule allows only the www.google.com domain to access the file list.txt.
My question: how can I change the rule to restrict www.google.com and allow other domains?
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(?:www\.)?google\.com$ [NC]
RewriteRule ^list\.txt$ - [NC,F]
</IfModule>
I want the browser response to be a 404, not a denied response.

Please test and see if this does what you want?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(?:www\.)?google\.com$ [NC]
RewriteRule ^list\.txt$ - [NC,R=404]
but this might be clearer:
<Files "list.txt">
RewriteEngine on
# Answer with 404 when the Host header matches
RewriteCond %{HTTP_HOST} ^(?:www\.)?google\.com$ [NC]
RewriteRule ^ - [R=404]
</Files>
I left out <IfModule mod_rewrite.c> for clarity. If the module is not enabled, you might however prefer the server to not start, as opposed to just allowing access.

Related

Silverstripe htaccess

I have a Silverstripe platform website that has duplicate URLs for www, non-www, http and https
There seem to be multiple solutions but no definitive answer. Is there someone that knows the correct code for the htaccess file for Silverstripe?
I want to get all pages pointing to https://www
This is the current code in the htaccess file -
ErrorDocument 401 /base/401.txt
### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>
# Deny access to IIS configuration
<Files web.config>
Order deny,allow
Deny from all
</Files>
# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
Order allow,deny
Deny from all
</Files>
# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html
<IfModule mod_env.c>
# Ensure that X-Forwarded-Host is only allowed to determine the request
# hostname for servers ips defined by SS_TRUSTED_PROXY_IPS in your _ss_environment.php
# Note that in a future release this setting will be always on.
SetEnv BlockUntrustedIPs true
</IfModule>
<IfModule mod_rewrite.c>
# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
<IfModule mod_dir.c>
DirectoryIndex disabled
</IfModule>
RewriteEngine On
# non-www to www redirect
#RewriteCond %{HTTP_HOST} ^bolstered.com.au$ [NC]
#RewriteRule (.*) https://www.bolstered.com.au/$1 [R=301,L]
# http to https redirect
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ (.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Enable HTTP Basic authentication workaround for PHP running in CGI mode
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC]
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !\.php$
RewriteRule .* index.php?url=%1&%{QUERY_STRING} [L]
</IfModule>
### SILVERSTRIPE END
I typically keep the SilverStripe part between ### SILVERSTRIPE START ### and ### SILVERSTRIPE END ### untouched and put my rules only before or after those of silverstripe.
There is no issue with having RewriteEngine On twice.
I also did not bother to check if mod_rewrite exists, because all my servers will have it enabled and I wouldn't let a client put it on a server without it.
Here is a full example of a .htaccess that I would typically use in a SilverStripe project:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{HTTP_HOST} !^127.0.0.1 [NC]
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.examle\.org [NC]
RewriteRule ^ https://www.examle.org%{REQUEST_URI} [R=301,L]
### SILVERSTRIPE START ###
# Deny access to templates (but allow from localhost)
<Files *.ss>
Require ip 127.0.0.1
</Files>
# Deny access to IIS configuration
<Files web.config>
Require all denied
</Files>
# Deny access to YAML configuration files which might include sensitive information
<Files ~ "\.ya?ml$">
Require all denied
</Files>
# Route errors to static pages automatically generated by SilverStripe
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html
<IfModule mod_rewrite.c>
# Turn off index.php handling requests to the homepage fixes issue in apache >=2.4
<IfModule mod_dir.c>
DirectoryIndex disabled
DirectorySlash On
</IfModule>
SetEnv HTTP_MOD_REWRITE On
RewriteEngine On
# Enable HTTP Basic authentication workaround for PHP running in CGI mode
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Deny access to potentially sensitive files and folders
RewriteRule ^vendor(/|$) - [F,L,NC]
RewriteRule ^\.env - [F,L,NC]
RewriteRule silverstripe-cache(/|$) - [F,L,NC]
RewriteRule composer\.(json|lock) - [F,L,NC]
RewriteRule (error|silverstripe|debug)\.log - [F,L,NC]
RewriteRule ^Security - [F,L,NC]
# Process through SilverStripe if no file with the requested name exists.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* index.php
</IfModule>
### SILVERSTRIPE END ###
Step-by-step explanation:
Turns on the rewrite engine
RewriteEngine On
The 4 RewriteCond are all conditions connected to the RewriteRule below it.
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{HTTP_HOST} !^127.0.0.1 [NC]
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\.examle\.org [NC]
Multiple conditions will be a logical AND, unless you add a [OR].
[NC] stands for no-case, so not case-sensitive
The first 2 are an exception for localhost/127.0.0.1 to ensure a redirect will not be done when I am developing on my workstation.
3 is checking if https is off
4 is checking if the domain is correct
So speaking in pseudo code, it's like this:
if ($HTTP_HOST != "localhost" && $HTTP_HOST != "127.0.0.1" && ($HTTPS != "on" || $HTTP_HOST != "www.examle.org")) {
do_redirect();
}
The actual redirect
RewriteRule ^ https://www.examle.org%{REQUEST_URI} [R=301,L]
It's redirecting to the desired domain and attaches the path (/foo/bar) and the query parameters (?foo=bar) to it.
R=301 is the http response code. If you wanted a temporary redirect you could make it 302.
L means Last I think, which will stop the processing at this point and will not continue to try other rules below.
Alternatives:
.htaccess is the best way to do it. But it's worth pointing out that this is not the only option.
You could do it in plain PHP, in the config of any/most webservers, ...
And SilverStripe has builtin methods for doing the check & redirect:
Director::forceSSL();
Director::forceWWW();
but as said, .htaccess is much better (much faster and only a single redirect)
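The condition chain explained in this answer, modelled in Python as an added example (not part of the original answer and not Apache's own implementation). `cond_matches`, `rule_fires` and `redirect_target` are hypothetical helper names, and the requests passed to them are constructed samples.

```python
import re

# Conditions copied from the answer's redirect block: (variable, pattern, flags).
# A leading "!" negates the match, as in mod_rewrite.
CONDS = [
    ("HTTP_HOST", r"!^localhost", {"NC"}),
    ("HTTP_HOST", r"!^127.0.0.1", {"NC"}),
    ("HTTPS", r"!on", {"OR"}),
    ("HTTP_HOST", r"!^www\.examle\.org", {"NC"}),
]

def cond_matches(value, pattern, flags):
    """Evaluate one RewriteCond: unanchored regex search, optional negation."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    hit = re.search(regex, value, re.I if "NC" in flags else 0) is not None
    return hit != negate

def rule_fires(env, conds=CONDS):
    """Return True when the RewriteRule below these conditions would run.

    Conditions are ANDed; a run of conditions joined by [OR] forms one
    group that passes as soon as any member matches.
    """
    i = 0
    while i < len(conds):
        group_ok = False
        while True:  # walk one OR-group
            var, pattern, flags = conds[i]
            group_ok = group_ok or cond_matches(env.get(var, ""), pattern, flags)
            i += 1
            if "OR" not in flags or i >= len(conds):
                break
        if not group_ok:
            return False
    return True

def redirect_target(host, https, path):
    """Model of: RewriteRule ^ https://www.examle.org%{REQUEST_URI} [R=301,L]"""
    env = {"HTTP_HOST": host, "HTTPS": "on" if https else "off"}
    return "https://www.examle.org" + path if rule_fires(env) else None

if __name__ == "__main__":
    # Constructed sample requests: (Host header, HTTPS in use, path)
    for req in [("examle.org", True, "/foo/bar"), ("www.examle.org", False, "/"),
                ("www.examle.org", True, "/"), ("localhost:8080", False, "/")]:
        print(req, "->", redirect_target(*req))
```

Because `!^localhost` is a prefix match on the client-supplied Host header, any Host value that begins with `localhost` skips the redirect; anchoring the pattern at the end (with an optional port) narrows the exception to the development host.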

multiple specific ips to alternate domain

I am NOOB. I am attempting to redirect specific IP addresses using htaccess to a different domain. Those ip addresses are of people copying what I type to describe stuff and put it on their site within a few hours. I want them to just see static site B while everyone else sees dynamic site A.
The code below is redirecting to cat.com which I used earlier as a test to redirect, which seemed to be working. But then I changed it to dog.com but it is still redirecting me to cat.com. I had put a # symbol in front of the old rewriterule so it should not be in play anymore. I also checked the redirects in cpanel. This is a subdomain I am working with, not the main domain on the account. This htaccess file added only 68.14.155.149 to the redirects section nothing else.
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# -- MOD: Forbid Cross Site Scripting in query
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.*(allow_url_include|auto_prepend_file).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# -- END MOD: Forbid Cross Site Scripting in query
deny from 180.76.5.0/24
deny from 198.23.76.220
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^38\.100\.121\.65$ [OR]
RewriteCond %{REMOTE_ADDR} ^206\.141\.173\.244$ [OR]
RewriteCond %{REMOTE_ADDR} ^68\.14\.15\0.24$
RewriteRule ^(.*)$ http://www.dog.com/$1 [L,R=301]
#RewriteRule ^(.*)$ http://www.cat.com/$1 [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteRule ^About\-us\.php$ About\-Me\.php [R=301,NE,QSA,L]
</IfModule>
#RVS END REDIRECT PAGE

Random weird 403 redirects on my site homepage?

Not sure how to fix this or replicate the error but it seems that sometimes my site goes into a 403 redirect error.
I've deleted cookies on my personal browser but it seems to enter 403 on other machines (on different IP's)
My hunch could be the htaccess file....
Can anyone spot anything odd with the following rules?
thanks....
<files .htaccess>
Order allow,deny
Deny from all
</files>
Options +FollowSymLinks
RewriteEngine On
#Options -Indexes
# All pages www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# below to force https
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [OR,NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.my-site.com%{REQUEST_URI} [NE,R=301,L]
I found out what it was - basically my DNS was set differently...I was using OpenDNS and it was messing up my personal UI experience...

How can access the site only through its IP

I have a site, say www.test.com. Now I need to see the site only by typing the IP address, i.e. 102.3.0.2/index.php.
For that, what I need to change in my htaccess file?
Following is my htaccess file code:
#Options +FollowSymLinks
RewriteEngine on
#RewriteBase /cash-flights/
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteCond $1 !(^index\.php|gif$|jpg$|jpeg$|JPG$|JPEG$|GIF$|PNG$|BMP$|png$|bmp$|js$|php$|htm$|html$|css$|ttf$|txt$|pdf$|swf$|flv$|robots\.txt$|video_chat$|.ico$)
#RewriteRule ^(?!js\/tinymce)(.*?)(\.html|\.php|\/)?$ index.php/$1 [NC,L]
RewriteRule ^(?!phpinfo\.php)(?!js\/tinymce)(?!turkeyMap)(?!cron_home)(?!quote_by_sms)(?!paypal)(?!supporttrio)(?!12all)(?!system\/application\/libraries\/libgmap)(.*?)(\.html|\.php|\/)?$ index.php/$1 [NC,L]
RewriteRule ^(.*)$ - [NC,L]
#php_value session.gc_maxlifetime 86400
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 100.200.200.200
Options -Indexes
Don't know if this is the reason why you are not getting it, but the ip has to be four numbers.
I.E. 102.1.10.1.
Any site name ex: www.test.com must be translated to an ip, if you can reach the site using a name you can also reach it using the ip address.
RewriteCond %{HTTP_HOST} !=123.456.789.101
RewriteRule ^(.*)$ http://123.456.789.101/$1 [R,L]
But it can easily be bypassed by editing the value of the HOST HTTP header.

htaccess redirect - allow files for construction page

I've tried to set up a htaccess redirect for everyone except me. It works fine...except that I have to write an exception for every file that the under construction page wants. This will take me a while and I'm certain there is a proper way to do it, I just can't find it.
I have tried this:
order deny,allow
deny from all
allow from 205.97.194.334
ErrorDocument 403 http://www.domain.com/page.htm
<Files page.htm>
allow from all
</Files>
But I get an internal server error
What I have now is this:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} !/mypage\.html$
RewriteRule .* http://www.domain.com/construct/mypage.html [R=302,L]
What can I add in this to allow everything in the /construct/ ?
Thank you
P.S. Can anyone tell me why the first attempt didn't work?
EDIT:
Ok I've added this, which allowed the files, however, it is only redirecting when the directory is entered. I.e. domain.com will redirect to the construction page, but domain.com/index.php and anything else will not redirect
# Redirect everyone who's not from your IP
RewriteCond %{REMOTE_ADDR} !00.00.00.00 [NC]
# Allow real files to be served
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule !index.html$ http://subverb.net/construct/index.html [R=307,L]
If you want /construct to be available to everyone else, and you want them to be redirected to that URL when opening any other URL:
# IF not from your address
RewriteCond %{REMOTE_ADDR} !^123\.4\.5\.6$
# AND not for /construct directory
RewriteCond %{REQUEST_URI} !^/construct
# THEN send them to /construct/index.html
RewriteRule (.*) /construct/index.html [R=307,L]
