Rewrite .htaccess symfony 3.4 for main page - .htaccess

I have the current htaccess file.
When I go to my main website http://mywebsite.com I receive this error that says Forbidden
You don't have permission to access / on this server.
However, by adding web at the end as http://mywebsite.com/web, I am able to access to the website.
Is it possible to rewrite the .htaccess file to include that redirection so I won't need to add web every time?
Edit: My app is located in /www/mywebsite
# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php
# By default, Apache does not evaluate symbolic links if you did not enable this
# feature in your server configuration. Uncomment the following line if you
# install assets as symlinks or if you experience problems related to symlinks
# when compiling LESS/Sass/CoffeScript assets.
# Options FollowSymlinks
# Disabling MultiViews prevents unwanted negotiation, e.g. "/app" should not resolve
# to the front controller "/app.php" but be rewritten to "/app.php/app".
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the app.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content
# (with and without `/app.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Rewrite all other queries to the front controller.
RewriteRule ^ %{ENV:BASE}/app.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /app.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>

Related

Set up symfony4 URI with ONLY .htaccess

I am launching a symfony website on a server that can't be configured at all. So I can't touch the apache conf and all, I only have access to the drop repository.
So I need to use ONLY htaccess to :
point to the "public/index.php" file
Remove the "public" part from the url
I now have succeded the 1rst part with this in my lowest level .htaccess:
DirectoryIndex public/index.php public/index.html
My second .htaccess is the basic one:
# Use the front controller as index file. It serves as a fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# start page (path "/") because otherwise Apache will apply the rewriting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex index.php
# By default, Apache does not evaluate symbolic links if you did not enable this
# feature in your server configuration. Uncomment the following line if you
# install assets as symlinks or if you experience problems related to symlinks
# when compiling LESS/Sass/CoffeScript assets.
# Options FollowSymlinks
# Disabling MultiViews prevents unwanted negotiation, e.g. "/index" should not resolve
# to the front controller "/index.php" but be rewritten to "/index.php/index".
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
# Determine the RewriteBase automatically and set it as environment variable.
# If you are using Apache aliases to do mass virtual hosting or installed the
# project in a subdirectory, the base path will be prepended to allow proper
# resolution of the index.php file and to redirect to the correct URI. It will
# work in environments without path prefix as well, providing a safe, one-size
# fits all solution. But as you do not need it in this case, you can comment
# the following 2 lines to eliminate the overhead.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect to URI without front controller to prevent duplicate content
# (with and without `/index.php`). Only do this redirect on the initial
# rewrite by Apache and not on subsequent cycles. Otherwise we would get an
# endless redirect loop (request -> rewrite to front controller ->
# redirect -> request -> ...).
# So in case you get a "too many redirects" error or you always get redirected
# to the start page because your Apache does not expose the REDIRECT_STATUS
# environment variable, you have 2 choices:
# - disable this feature by commenting the following 2 lines or
# - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
# following RewriteCond (best solution)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Rewrite all other queries to the front controller.
RewriteRule ^ %{ENV:BASE}/index.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 307 ^/$ /index.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
How can I do the second part ?
I believe you are solving things the other way around. The proper solution is described here https://medium.com/#runawaycoin/deploying-symfony-4-application-to-shared-hosting-with-just-ftp-access-e65d2c5e0e3d
Upload the following folders (and contents) from your application to a new folder in your root of your FTP server named symfony:
bin
config
src
templates
translations
vendor
Note: Only upload the bin folder if you want to run the console, maybe via a cron job, also best to rename console to console.php
Also create the var folder but dont upload its contents.
And upload your composer.json file to this symfony folder — this is needed to help symfony find its application files.
So you should have this on your server:
\symfony
bin
config
src
templates
translations
vendor
composer.json
\public_html
index.php
.htaccess
bundles
build
Dont forget that you will need to modify index.php
Before your application will work you need to modify your index.php file and set your env vars.
First edit your index.php (locally inside your public folder, on the server will be inside your public_html folder).
Edit this line:
require __DIR__.’/../vendor/autoload.php’;
To:
require __DIR__.’/../symfony/vendor/autoload.php’;

htaccess rewrite a get parameter

I have already the Typo3 Flow .htaccess
#
# TYPO3 Flow context setting
#
# You can specify a default context by activating this option:
# SetEnv FLOW_CONTEXT Production
# If the root path is not the parent of the Web directory,
# TYPO3 Flow's root path must be specified manually:
# SetEnv FLOW_ROOTPATH /var/www/myapp/
#
# mod_rewrite configuration
#
<IfModule mod_rewrite.c>
# Enable URL rewriting
RewriteEngine On
# Set flag so we know URL rewriting is available
SetEnv FLOW_REWRITEURLS 1
# You will have to change the path in the following option if you
# experience problems while your installation is located in a subdirectory
# of the website root.
RewriteBase /
# Stop rewrite processing no matter if a package resource, robots.txt etc. exists or not
RewriteRule ^(_Resources/Packages/|robots\.txt|favicon\.ico) - [L]
# Stop rewrite process if the path points to a static file anyway
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .* - [L]
# Perform rewriting of persistent private resources
RewriteRule ^(_Resources/Persistent/[a-zA-Z0-9]+/(.+/)?[a-f0-9]{40})/.+(\..+) $1$3 [L]
# Perform rewriting of persistent resource files
RewriteRule ^(_Resources/Persistent/.{40})/.+(\..+) $1$2 [L]
# Make sure that not existing resources don't execute TYPO3 Flow
RewriteRule ^_Resources/.* - [L]
# Continue only if the file/symlink/directory does not exist
RewriteRule (.*) index.php
</IfModule>
<IfModule mod_negotiation.c>
# prevents Apache's automatic file negotiation, it breaks resource URLs
Options -MultiViews
</IfModule>
<IfModule mod_setenvif.c>
# Redirect authorization header when PHP is running as CGI
SetEnvIfNoCase Authorization "Basic ([a-zA-Z0-9\+/=]+)" REMOTE_AUTHORIZATION=$0
</IfModule>
ErrorDocument 500 "<h1>Application Error</h1><p>The TYPO3 Flow application could not be launched.</p>"
So i think this is the standard flow htaccess.
Is there a possibility to define own rules?
My htaccess skills are quite bad. What do i have to edit do replace a GET parameter
show?path=
My Domain looks like
http://domain.com/show?path=/test/test2
It should look like
http://domain.com/show/test/test2
thanks in advance, regards
Yes, you can extend .htaccess and if you have mod_proxy enabled adding this line should be enough (check what [P] flag does)
# Add this line
RewriteRule ^show/(.*)$ /show?path=/$1 [P]
# Continue only if the file/symlink/directory does not exist
RewriteRule (.*) index.php
But you should handle this kind of stuff using Routing - then you will have uri builder and rewriting handled by framework.
If your path is just string argument in showAction, ten adding to My/Package/Configuration/Routes.yaml (and setting subroutes in main Configuration/Routes.yaml above Flow subroutes)
-
name: 'show'
uriPattern: 'show/{path}'
defaults:
'#package': 'My.Package'
'#controller': 'Standard'
'#action': 'show'
'#format': 'html'
appendExceedingArguments: true
If it's property of object you have example in link above.
The only problem is that / in argument (like '/test/test2') won't work with route above.. To handle arguments containing / you might need to create your own Route Part Handler.

Run multiple Drupal sites from subfolder in root, using multilingual urls

I have a (Drupal) website running in a subfolder, with another (Drupal) website running in the root. The website in the subfolder is a multilingual website. I need the subfolder name to change, depending on the language the site is being displayed in, but I'm not able to find or create a working rewrite rule for it.
The scenario is as follows:
The website is located in folder with the different languages showing urls like folder/folder, folder/dossier and folder/map. The language tags are handled by Drupal. The end result I desire is:
folder/folder >> folder/
folder/map >> map/
folder/dossier >> dossier/
This means that the subfolder is removed from the URL, and only the language urls remain.
Any idea how to solve this problem, using htaccess, prefably without redirects, and without having a negative influence on the root website?
Below is the Drupal htaccess being used. The same htaccess is used in the root, but then with the RewriteBase still commented.
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(|~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
RewriteBase /folder/
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
1 - Use this rule in your DOCUMENT_ROOT/.htaccess file as first rule:
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^(map|dossier)(/|$) /folder%{REQUEST_URI} [L,NC]
2 - Use this rule in your DOCUMENT_ROOT/folder/.htaccess file as first rule:
RewriteEngine On
RewriteBase /folder/
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule !^(map|dossier|folder)(/|$) folder%{REQUEST_URI} [L,NC]

No input file specified when I click on a Joomla link if I activate the SEF option

I am finding some problems after the migration of my Joomla site from local server to my remote Linux server.
The website is this one: lnx.erusma.org
The problem is that if, in the SEO option of my administration pannel, I disable the URL SEF options it work well (as is now) but if I activate this option to have better links it give me the following error every time that I click on a link: No input file specified
I think that maybe it could depend by my .htacces file configuration that is the following one:
##
# #package Joomla
# #copyright Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# #license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
#Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
Can you help me to solve this problem?
Tnx
Andrea
Ensure you have Apache's mod_rewrite turned on. I'm not sure if you have WHM or anything like that o your server but to check if it's turned on, read this:
How to check if mod_rewrite is enabled in php?
If it still doesn't work, try the following:
Rename htaccess.txt to .htaccess
Open the file and find the line that has “# RewriteBase /”
Remove the # sign to uncomment
Upload the .htaccess file
Enable SEF again in Global Configuration
Refresh browser and check to see if it is working.
Update:
Also try the following:
Bellow RewriteEngine on put
RewriteCond %{REQUEST_URI} ^/index\.php/
RewriteRule ^index.php/(.*) /$1 [R=301,L]

Joomla .htaccess rewrite

Just trying to change my URL from http://bruteforce.tv/index.php/streams/shinigamily
to
http://bruteforce.tv/shinigamily
I activated the Rewrite Option in the admin panel and used the original joomla htaccess file and the url went to
http://bruteforce.tv/streams/shinigamily
At this point I wrote RewriteRule ^streams/(.*)/?$ /$1 [L,NC,R] after the # RewriteBase /
Somehow it doesnt work. My webhost already edited his httpd.conf with
<Directory "/home/htdocs/webX/html">
AllowOverride All
Options +FollowSymLinks +SymLinksIfOwnerMatch
</Directory>
But it didnt change anything either.
Now, the hard way is much more advanced and requires you to do the
following:
Modify Joomla’s SEF core files in order to remove the category name
from the URL. (Note: There are several files that need to be changed.)
Ensure that the change you’ve done above is accommodated in your
.htaccess file.
Ensure that you don’t break any functionality with this code change.
Blackquote of http://www.itoctopus.com/how-to-remove-the-category-name-from-the-url-in-joomla
Now I feel sunk.
Here is my htacces file:
##
# #package Joomla
# #copyright Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# #license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
RewriteRule ^streams/(.*)/?$ /$1 [L,NC,R]
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

Resources