I'm trying to limit/eliminate duplication.
According to my (limited) understanding of some LAMP hosting providers (especially on shared servers) there are some PHP-ini directives that are ignored when set inside the PHP-script, but is accepted when set in the .htaccess; the process-flow should be quite simple:
detect any mod_php* -and set an environment variable if found
check this environment variable and set all php_value directives ONCE
redirect all requests to PHP for handling requests according to config
The objective is to withhold all content unless PHP is available to handle the request according to config -- per user/bot/api/etc. ..and by this obviously not serve any PHP-code as text O_o
I have no idea why this has to be any more complicated, but I refuse to accept that I have to duplicate a (long) list of php_value directives 4 times -- just because the Apache-conf is too (expletive deleted) to handle the simplest logical conditions .. (face-desk) .. or maybe i just don't know enough about Apache-conf, please help; the code below throws a 400 error, and I can't get it to work unless I duplicate each block for every php-version -and each hosting provider's own mod_php*suffix -for PHP-version-hot-switching.
Here's what [bl/thr]ows:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
<IfModule mod_php_null.c>
SetEnv MODPHP 1
</IfModule>
<IfModule mod_php5.c>
SetEnv MODPHP 1
</IfModule>
<IfModule mod_php7.c>
SetEnv MODPHP 1
</IfModule>
<If "%{ENV:MODPHP} =1">
php_value expose_php Off
php_value short_open_tag On
php_value display_errors On
php_value max_execution_time 60
php_value default_charset UTF-8
# list shortened for brevity
RewriteCond %{DOCUMENT_ROOT}/.auto.php -f
RewriteRule ^(.*)$ .auto.php [L]
</If>
</IfModule>
The code below works, however; note that:
<IfModule mod_authz_core.c> is used to verify Apache2.4 -for <If>
RewriteRule is used to define the variable
REDIRECT_ is (conditionally) prefixed to the variable name
RewriteCond %{ENV:MODPHP} ^1$ is used to test if the variable is 1.
<IfModule mod_rewrite.c>
<IfModule mod_authz_core.c>
RewriteEngine On
RewriteBase /
<IfModule mod_php_null.c>
RewriteRule .* - [E=MODPHP:1]
</IfModule>
<IfModule mod_php5.c>
RewriteRule .* - [E=MODPHP:1]
</IfModule>
<IfModule mod_php7.c>
RewriteRule .* - [E=MODPHP:1]
</IfModule>
<If "%{ENV:REDIRECT_MODPHP} =1">
php_value expose_php Off
php_value short_open_tag On
php_value display_errors On
php_value max_execution_time 60
php_value default_charset UTF-8
</If>
RewriteCond %{ENV:MODPHP} ^1$
RewriteCond %{DOCUMENT_ROOT}/.auto.php -f
RewriteRule ^(.*)$ .auto.php [L]
</IfModule>
</IfModule>
Related
On chrome (tried many devices)
My (Angular) web app is sitting on a subdomain and referencing media in a folder in the main domain using https. When using http to access the web app, all media referenced load well but when using https to access the web app, the media don't load and on inspection, media fetch are showing 504 error.
But on Firefox, everything is fine.
Please what could be wrong? Could be the .htaccess configuration or something?
Chrome Developer Tool (Network Tab)
enter image description here
My .htaccess file
`
RewriteEngine on
<FilesMatch "\.(mp4)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Max-Age "3600"
</IfModule>
</FilesMatch>
# RewriteCond %{HTTPS} !on
# RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.html [L,QSA]
</IfModule>
# RewriteRule ^.*$ /index.php [L,QSA]
#for passing HTTP AUTHORIZATION header
CGIPassAuth On
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 128M
php_value post_max_size 120M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php73"
php_value upload_max_filesize 120M
php_flag zlib.output_compression On
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 30
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 128M
php_value post_max_size 120M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php73"
php_value upload_max_filesize 120M
php_flag zlib.output_compression On
</IfModule>
# END cPanel-generated php ini directives, do not edit
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php80” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php80___lsphp .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
`
I have searched the internet for solution but clear cut answer
Looks like this question has been asked before, but none of the solutions there worked for me.
I want to create a testing environment for my working Codeigniter (version 3.1.9) website.
I thought I'd do it using a subdomain on my main domain.
I set the subdomain (test.mydoaim.com) through cPanel, and copied all the code files to the relevant directory.
Now, when I go to test.mydomain.com, or to test.mydomain.com/controller_name, it all works well, but when I try any inner links (such as test.mydomain.com/controller_name/anything), I get nothing on Firefox, or this error message on Chrome:
This page isn’t working
www.test.mydomain.com is currently unable to handle this request.
When I change this line on the subdomain htaccess file:
RewriteRule ^(.*)$ index.php/$1 [L]
To this line:
RewriteRule ^(.*)$ /test/index.php/$1 [L]
The error on the same inner pages changes to:
500 Internal Server Error An internal server error has occured.
And that error also appears on test.mydomain.com/controller_name, which was accessible before I changed the htacces file.
So, since the error messages has changed following the alteration, I'm guessing this issue is indeed htaccess related, but I just don't know what should the correct syntax be.
This is the full htacces file:
RewriteOptions inherit
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /test/index.php/$1 [L]
# for non www urls, add www and force https:
RewriteCond %{HTTP_HOST}(.*) !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R,L]
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
php_flag display_errors Off
php_value max_execution_time 120
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 128M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php70"
php_value upload_max_filesize 32M
php_flag zlib.output_compression Off
</IfModule>
<IfModule lsapi_module>
php_flag display_errors Off
php_value max_execution_time 120
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 128M
php_value post_max_size 8M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php70"
php_value upload_max_filesize 32M
php_flag zlib.output_compression Off
</IfModule>
# END cPanel-generated php ini directives, do not edit
RewriteCond %{HTTP_HOST} ^domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domain\.com$
RewriteRule ^(.*)$ "https\:\/\/mydomain\.com\/$1" [R=301,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “alt-php70” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-alt-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
This is my config/routes.php files, in case it is also related:
$route['default_controller'] = 'website';
$route['404_override'] = 'student/four_o_four';
$route['translate_uri_dashes'] = FALSE;
$route['demo'] = 'student/demo';
I Am Trying To Install A Kohana Based Script But I Am Getting A Error See Above In The Image
Error
And I Could Not Find What To Do But I Am Sue it Is Related To .Htaccess
SetEnv KOHANA_ENV development
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Disable directory listing
Options -Indexes
<IfModule mod_rewrite.c>
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
# RewriteRule .* index.php/$0 [PT]
RewriteRule .* index.php [PT]
# Remove trailing slash
# RewriteRule ^(.*)\/(\?.*)?$ $1$2 [R=301,L]
# RewriteRule ^(.+)/$ /$1 [R=301,L]
# RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^(.+)/$ $1 [L,R=301]
</IfModule>
<IfModule mod_php5.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
according to script owner they said do step 3
Run the installer
Open .htaccess and make the following changes:
Set the correct RewriteBase
but i do not know what to write and what to edit in it i need a little bit help over it
The error means that the application, modules and system folders are not in the same directory as index.php. If you've moved /renamed them you need to change their location in index.php.
If you deleted/modified something by accident, try download Kohana again, obviously the error has nothing to do with .htaccess.
For more info, read the docs https://kohanaframework.org/3.3/guide/kohana/install
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(piwik|www)\.domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
I want to force "www" on the root of domain.com. Using the method above I can access piwik.domain.com insecurely (http://) but not over SSL. When I try accessing https://piwik.domain.com I am redirected to https://www.domain.com.
The SSL certificate is installed to *.domain.com
Edit: Subdomains Configuration
*.domain.com -> public_html
piwik.domain.com -> public_html/subdomain/piwik
Edit: Entire contents of htaccess
suphp_configpath /home/moninsha/public_html
###Redirect non-www urls to it's exact match www URL
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(piwik|www)\.moninstore\.com$ [NC]
RewriteRule ^(.*)$ http://www.moninstore.com/$1 [L,R=301]
</IfModule>
############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini
############################################
## this line is specific for 1and1 hosting
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php
############################################
## default index file
DirectoryIndex index.php
<IfModule mod_php5.c>
############################################
## adjust memory limit
# php_value memory_limit 64M
php_value memory_limit 256M
php_value max_execution_time 18000
############################################
## disable magic quotes for php request vars
php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
#php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
php_flag zend.ze1_compatibility_mode Off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
SetOutputFilter DEFLATE
# Insert filter on selected content types only
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresActive On
ExpiresDefault "modification plus 2 weeks"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version
<Files RELEASE_NOTES.txt>
order allow,deny
deny from all
</Files>
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
It seems that by default the HTTPS protocol will default to one domain. If you have any subdomains you wish to map with a wildcard SSL certificate you will need to do so using .htaccess rewrites like the following:
Since, for me, domain.com is mapped to ~/public_html/ and assuming that piwik.domain.com is mapped to ~/public_html/subdomain/piwik/ you would use the following:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/subdomain/piwik/
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^piwik.domain.com
RewriteRule ^(.*)$ /subdomain/piwik/$1 [NC,L,NS]
Then just clear your local browser's cache.
I've got this gigantic .htaccess file, and I believe it prevents users not on the local network from accessing a given site.
I am trying to interpret it, but the only part I know of that would limit access is the order allow, deny portion, and I don't see anything that I would suspect is external IPs.
Here's the code:
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
# There is no end quote below, for compatibility with Apache 1.3.
ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
# Set the default handler.
DirectoryIndex index.php
# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.
# PHP 4, Apache 1.
<IfModule mod_php4.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 4, Apache 2.
<IfModule sapi_apache2.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_value mbstring.encoding_translation 0
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# adapt and uncomment the following:
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment and adapt the following:
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
# RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
# $Id$
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
Order allow,deny
</FilesMatch>
Matches the extentions in brackets and set Allow/Disallor-Order
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
As the comment says
# Follow symbolic links in this directory.
Options +FollowSymLinks
As the comment says
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
Sets the Document which is shown after a 404 (Not Found) Error
# Force simple error message for requests for non-existent favicon.ico.
<Files favicon.ico>
# There is no end quote below, for compatibility with Apache 1.3.
ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>
favicon.ico gets a special 404-error page
# Set the default handler.
DirectoryIndex index.php
You request "/" which file has to be displayed
# Override PHP settings. More in sites/default/settings.php
# but the following cannot be changed at runtime.
As it says
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
Enabled the cache-header, but not for *.php
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
</IfModule>
As the comment says: Rewrite the url, so that index.php is called.