Trying to figure out how to block an IP from accessing my website, other than one specific URL.
RewriteCond %{REMOTE_ADDR} = x.x.x.x [NC]
RewriteCond %{REQUEST_URI} !^/url/moreurl/ [NC]
RewriteRule .* - [R=404,L]
Right now it seems like it is blocking everything.
EDIT:
# Set our application environment
SetEnv ENVIRONMENT beta
SetEnvIf Origin "^http(s)?://(.+\.)?(somedomain.com|somedomain2.com)$" origin_is=$0
Header always set Access-Control-Allow-Origin %{origin_is}e env=origin_is
Header set Access-Control-Allow-Credentials true
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RedirectMatch 404 ^/symfony/?$
RedirectMatch 404 ^/system/?$
RedirectMatch 404 ^/db/?$
RedirectMatch 404 ^/application/?$
RedirectMatch 404 ^/vendor/?$
RedirectMatch 404 ^/queue_workers/?$
RedirectMatch 404 ^/crons/?$
RedirectMatch 404 ^/[^/]\.(yml|json|lock)$
# Allow IP to Specific URL (TESTING - works until adding ! to REQUEST_URI)
RewriteCond %{HTTP:X-FORWARDED-FOR} ^123\.123\.123\.123
RewriteCond %{REQUEST_URI} !\s/url[NC]
RewriteRule ^ - [F]
# End of the line -- static files & directories, or otherwise pass into CI frontend controller
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
Try this rule with THE_REQUEST as REQUEST_URI may change due to other rules:
RewriteCond %{REMOTE_ADDR} = x.x.x.x
RewriteCond %{THE_REQUEST} !\s/url/moreurl/ [NC]
RewriteRule ^ - [F]
Related
I am trying to redirect various pages with query strings in htaccess.
An example of the URL to be redirected is:
/item.htm?item_id=ACPEMEG465P-VE&product
I want to use a wildcard to catch anything alphanumeric after item_id*.
I want to redirect to the root domain and remove the query string. So after reviewing several guides, I have come up with:
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
...But this doesn't seem to do anything - I'm just getting a 404. Can anyone tell me where I've gone wrong? I'm on Apache 2.4.6
Here is the htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# security measures
Header always set X-Frame-Options "sameorigin"
Header always set Referrer-Policy "same-origin"
Header always set Feature-Policy "geolocation 'self'; camera 'none'; microphone 'none'"
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
# BEGIN rlrssslReallySimpleSSL rsssl_version[3.3.4]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#wpmu rewritecond companydomain.com
RewriteCond %{HTTP_HOST} ^companydomain\.com [OR]
RewriteCond %{HTTP_HOST} ^www\.companydomain\.com [OR]
#end wpmu rewritecond companydomain.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
I have removed sections for compression, mod_mime, mod_headers and mod_expires as they are not relevant
Your new redirect rules comes after this rule:
RewriteRule . index.php [L]
This rule is rewriting all non-files and non-directories to /index.php and also updating REQUEST_URI variable to /index.php. Due to this your new rule:
RewriteCond %{QUERY_STRING} item_id(.*)$
RewriteRule ^item\.htm$ /? [L,R=301]
Will not execute because REQUEST_URI is not /item.htm anymore.
Once you move this rule to the top it works because REQUEST_URI is still /item.htm.
I have a client site who's business is closing. They want to keep their site up for now, but what they also want is that going to any previous URL, automatically redirects people to the homepage.
I've tried a number of ways to do it in .htaccess like the following:
RedirectMatch permanent .* http://www.hotskitchen.com
But nothing has worked. The only thing that happens is that the stylesheet goes away. What can I do to make this redirect work beyond writing lots of 301 redirects from individual pages?
Here's the complete .htaccess
# BEGIN W3TC Page Cache core
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=W3TC_ENC:_gzip]
RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
RewriteRule .* - [E=W3TC_PREVIEW:_preview]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{QUERY_STRING} =""
RewriteCond %{REQUEST_URI} \/$
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
RewriteCond "%{DOCUMENT_ROOT}/wordpress/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f
RewriteRule .* "/wordpress/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L]
</IfModule>
# END W3TC Page Cache core
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
</IfModule>
# END WordPress
Redirect 301 /about http://www.hotskitchen.com/about-hots-kitchen/
Redirect 301 /about/our-concept http://www.hotskitchen.com/about-hots-kitchen/our-concept/
Redirect 301 /about/the-people http://www.hotskitchen.com/about-hots-kitchen/the-people/
Should do the trick for .htaccess:
RedirectMatch 301 ^/ http://www.hotskitchen.com/
Personally, I prefer mod_rewrite to achieve this when using Apache:
RewriteEngine On
Redirect 301 / http://www.hotskitchen.com/
Even better, a server listener in nginx for that specific domain name, which will work for any path:
server {
listen 80;
server_name www.oldwebsite.com;
return 301 http://www.hotskitchen.com/;
}
I have two separate .htaccess files that I'd like to be fused together so that the first rewrite always takes precedence, which redirects some traffic to https base which domain. Then if the file at the url does not exist, then it sends the traffic to a php file. It is a url shortener, but if that returns at 404, then it shows a 404 error page.
Here are the bits and pieces of the .htaccess files:
This, below, I believe should redirect all http traffic except kore.tt and korett.com to https:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)?(kore\.tt|korett\.com) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
This is something from the url shortener that is supposed to send traffic that doesn't exist to loader.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /loader.php [L]
</IfModule>
But then if that returns a 404 error. Then this is the simple 404 error catch.
ErrorDocument 404 /404.html
You can use a condition in your htaccess. There are many more ways to create rules. See if this can work for you.
#check to see if loader.php exists on the filesystem, then do rewrite
<If "-f %{DOCUMENT_ROOT} . '/loader.php'">
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /loader.php [L]
</If>
#otherwise redirect to 404 page
<Else>
RewriteEngine On
RewriteRule ^ /404.html [R=404,L]
</Else>
What I ultimately am trying to do is forward any URL with www to it's non-www equivalent. So https://www.baremetrics.io/academy would automatically forward to https://baremetrics.io/academy.
Instead, those www pages forward to https://baremetrics.io/index.php
And I'm stumped on why. Hoping there's something in the .htaccess file that I'm overlooking.
Here is the contents of the .htaccess file for baremetrics.io:
Header set Access-Control-Allow-Origin "*"
# Turn on the Rewrite Engine
RewriteEngine On
# If you're running in a subfolder (like http://example.com/statamic),
# add that here. E.g. /statamic/
RewriteBase /
# Protect your system files from prying eyes
RewriteRule ^(_app) - [F,L]
RewriteRule ^(_config) - [F,L]
RewriteRule ^(_cache) - [F,L]
RewriteRule ^(_content) - [F,L]
RewriteRule ^(_logs) - [F,L]
RewriteRule ^(admin/themes/[^/]*/(?:layouts|templates)) - [F,L]
RewriteRule ^(.*)?\.yml$ - [F,L]
RewriteRule ^(.*)?\.yaml$ - [F,L]
RewriteRule ^(.*/)?\.git+ - [F,L]
# This will prevent all .html files from being accessed.
# You may want to remove this line if you want to serve
# static files outside of Statamic
# RewriteRule ^(.*)?\.html$ - [F,L]
# Remove trailing slashes from your URL
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\/(\?.*)?$ $1$2 [R=301,L]
# Remove the index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
# Redirect old pages
RedirectMatch 301 ^/signup(.*)$ https://dashboard.baremetrics.io/signup$1
RedirectMatch 301 ^/dashboard(.*)$ https://dashboard.baremetrics.io$1
RedirectMatch 301 ^/stats(.*)$ https://dashboard.baremetrics.io/stats$1
RedirectMatch 301 ^/billing\.html(.*)$ https://dashboard.baremetrics.io/billing.html$1
RedirectMatch 301 ^/switch(.*)$ https://dashboard.baremetrics.io/switch$1
# No WWW
RewriteCond %{HTTP_HOST} !^baremetrics.io$ [NC]
RewriteRule ^(.*)$ https://baremetrics.io/$1 [L,R=301]
For what it's worth, the site is deployed to Heroku.
The issue is that your other rules are taking place first which causes your non-WWW redirect to not trigger.
You can move your # No WWW rule right after RewriteBase / which should fix it.
Header set Access-Control-Allow-Origin "*"
# Turn on the Rewrite Engine
RewriteEngine On
# If you're running in a subfolder (like http://example.com/statamic),
# add that here. E.g. /statamic/
RewriteBase /
# No WWW
RewriteCond %{HTTP_HOST} !^baremetrics.io$ [NC]
RewriteRule ^(.*)$ https://baremetrics.io/$1 [L,R=301]
# Protect your system files from prying eyes
RewriteRule ^(_app) - [F,L]
RewriteRule ^(_config) - [F,L]
RewriteRule ^(_cache) - [F,L]
RewriteRule ^(_content) - [F,L]
RewriteRule ^(_logs) - [F,L]
RewriteRule ^(admin/themes/[^/]*/(?:layouts|templates)) - [F,L]
RewriteRule ^(.*)?\.yml$ - [F,L]
RewriteRule ^(.*)?\.yaml$ - [F,L]
RewriteRule ^(.*/)?\.git+ - [F,L]
# This will prevent all .html files from being accessed.
# You may want to remove this line if you want to serve
# static files outside of Statamic
# RewriteRule ^(.*)?\.html$ - [F,L]
# Remove trailing slashes from your URL
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\/(\?.*)?$ $1$2 [R=301,L]
# Remove the index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
# Redirect old pages
RedirectMatch 301 ^/signup(.*)$ https://dashboard.baremetrics.io/signup$1
RedirectMatch 301 ^/dashboard(.*)$ https://dashboard.baremetrics.io$1
RedirectMatch 301 ^/stats(.*)$ https://dashboard.baremetrics.io/stats$1
RedirectMatch 301 ^/billing\.html(.*)$ https://dashboard.baremetrics.io/billing.html$1
RedirectMatch 301 ^/switch(.*)$ https://dashboard.baremetrics.io/switch$1
Whenever I add the [NC] flag in .htaccess, it causes an Internal Server Error.
This works:
Redirect 301 /gabf http://www.mydomain.com/category/gabf
but this doesn't:
Redirect 301 /gabf http://www.mydomain.com/category/gabf [NC]
How can I allow things like /gabf, /GABF, /Gabf, etc?
Use this code:
RewriteEngine ON
RewriteRule ^gabf/?$ http://www.domain.com/category/gabf [R=301,NC,L]
before:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Wordpress overwrite all RewriteRule to index.php. If you put that first, this "gabf" rule will be executed first and since it's the last rule it will stop.
R=301 = Redirect Permanent and NC = No Case (case insensitive)