Is it possible to with this code or a simillar with same functions, deny every direct access?
At the moment If I access the website it wont load any css or js, I need to allow, but I have no idea how I should allow with RewriteRule
RewriteRule ^(functions/|dist/|includes/|css/|js/) - [F,L,NC]
ErrorDocument 403 https://example.com
ErrorDocument 404 https://example.com
Related
This is what I have in my htaccess file now and it's working well, but I want to change it so that traffic which is denied gets forwarded to another url. Is this possible?
<FilesMatch ^((sitemapfile|otherfile)\.php$)$>
order deny,allow
deny from all
allow from 69.16.233.219
</FilesMatch>
You can achieve this by setting the ErrorDocument 403 (forbidden) to redirect to whatever you need to, in your .htaccess file or apache config.
Example:
ErrorDocument 403 http://google.com
or if you need to redirect to a path relative to the domain
ErrorDocument 403 /forbidden
Please bear in mind that this will redirect the users for any 403 that occurs on the site, so use it carefully.
I have a htaccess file with following code when trying to block an IP:
DirectoryIndex index.php index.html
ErrorDocument 404 /errors.php
Order Allow,Deny
Deny from 188.143.232.
Allow from all
Blocking my own IP works when browsing www.example.com, but it does not block for anything else (like www.example.com/index.php or www.example.com/home, ....). The htaccess is located in the same directory as index.php (httpdocs folder).
How can I get it to work?
You can also use a mod-rewrite based ip-blocking to block unwanted ip(s) :
RewriteEngine on
#--if client ip==188.143.232
RewriteCond %{REMOTE_ADDR} ^188\.143\.232
#--forbid the request
RewriteRule ^ - [F,L]
I'm using a whitelist on IP's, and as such I'd like to inform the user why this is so.
order deny, allow
deny from all
allow from 24.11.95.152
My IP whitelist in HTACCESS ^
Now, I set the ErrorDocument to /403
ErrorDocument 403 /403
and finally I rewrite /403 to uhoh.php
RewriteEngine On
RewriteRule ^403/?$ uhoh.php [NC]
However, I still get the typical error from LiteSpeed.
You can use ErrorDocument directly with the file you wish to use for custom message.
In your case would look like this:
ErrorDocument 403 /uhoh.php
From your example, it looks like you're trying to double redirect the error page which is not really needed.
I keep getting close to what I want, but I'm not quite there. Basically, I need to block direct access to a subdirectory, but treat it like a custom error message and not a redirect. I need to maintain the URL so that an index.php file can see the requested filename, and filter site member permissions against it, and then return the file itself. I think, if I can force a 403 error on denied access, then the ErrorDocument would take over. The following .htaccess is in the "files_dir" directory. the ErrorDocuments have already been working for me for a while, but the denied access is giving trouble:
<Files ~ "^/files_dir/protected_dir/.*$">
Order allow,deny
Deny from all
Satisfy All
</Files>
ErrorDocument 404 /files_dir/index.php
ErrorDocument 403 /files_dir/index.php
ErrorDocument 405 /files_dir/index.php
I would approach this with a rewrite rule:
RewriteCond %{PATH_INFO} ^/files_dir/protected_dir/ [NC]
RewriteRule .* - [F]
This won't cause a redirect (the URL would stay intact in the browser), but would return 403 Forbidden.
Don't get why you want apache to send the 403. You could just do that with php. The only thing you need is to rewrite all urls in the protected dir to index.php.
RewriteRule ^protected_dir/ index.php
then in php
if( !$logged_in )
{
header('HTTP/1.1 403 Forbidden');
echo 'not allowed. etc.';
...
How can I get the user to be redirected if their IP was matched on the deny of an IP address, e.g.
<Limit GET POST PUT>
order allow,deny
allow from all
deny from {removed IP address}
</Limit>
I need them to be redirected to a specific website when they are denied from accessing.
Needing help with this..
Setup a script to handle 403 errors by adding this line to your .htaccess:
ErrorDocument 403 /forbidden.php
Then handle the redirect in the script:
<?php
header('Location: http://google.com');
Or to keep it all in .htaccess you could do:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} 127.0.0.1
RewriteRule (.*) http://google.com [R]
Simple solution using only htaccess
ErrorDocument 403 https:///google.com
Order Allow,Deny
Allow from 127.0.0.0/8
Allow from x.x.x.x
Allow from y.y.y.y
Make sure to comment out the directives in welcome.conf, otherwise it will keep overriding your custom ErrorDocument directive.
After that, you can put your ErrorDocument directive in VirtualHost, Document directive or in your .htaccess https://httpd.apache.org/docs/2.4/custom-error.html
Like so:
ErrorDocument 403 <Local file/Remote URL>
And if this doesn't work, then you will have to look into your CORS rule