Someone has pointed a host towards my site, I would like to 404 any requests coming from any host that is not my host, how can I do that with htaccess?
You can use a top rule like this in your site root .htaccess or Apache config files:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(?:www\.)?example\.com$ [NC]
RewriteRule ^ - [F]
This will return more appropriate 403 (forbidden) error to any request that doesn't example.com or www.example.com in request.
Change example.com to your actual host name.
Related
I have an IIS website (ISAPI Rewrite 3) with two domain aliases:
example.com (primary domain)
example.net
example.org
Example.com has an SSL cert. The others do not.
Consequently, I want to forward all HTTP and HTTPS traffic to HTTPS://EXAMPLE.COM. My .htaccess rules work fine except when requesting HTTPS://EXAMPLE.NET or HTTPS://EXAMPLE.ORG - it generates a 404 error. If I request HTTP://EXAMPLE.NET, HTTP://EXAMPLE.ORG, or HTTP://EXAMPLE.COM, .htaccess works fine - all requests are forwarded to HTTPS://EXAMPLE.COM.
Here's my super-simple .HTACCESS directive:
RewriteCond %{HTTP_HOST} ^example\.(com|net|org)$ [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L]
Any ideas why this is happening or how to fix it? Is the server intercepting secure requests for insecure domains and throwing a 404 before processing .htaccess?
Any assistance is appreciated.
I'm using this rule in .htaccess to redirect requests to a subdirectory, say 'images', and anything inside it:
RedirectMatch 403 ^/images/.*$
However, the problem is that requests from my own domain are blocked too, so there are no images displayed on the site.
So I would like to insert an exception, for mydomain.com.
Any hints appreciated.
You can not add exception to your domain with RedirectMatch directive.
You need mod_rewrite here
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www\.)?domain.com$ [NC]
RewriteRule ^images/.*$ - [R=403,L]
The rule will return 403 forbidden error for /images except "domain.com".
Replace domain.com with yourdomain.com
I implemented a DNS-level 301 redirect in my Namecheap console, which redirected my old sub-domain assets.websitename.com to websitename.com/assets.
However, when trying to access assets.websitename.com/css/main.css, the client will be redirected to websitename.com/css/main.css/assets. I intended to redirect the user to websitename.com/assets/css/main.css.
So my question is:
How can I properly configure the 301 redirect?
Apache
If using .htaccess or similar in Apache web server:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} assets.websitename.com$ [NC]
RewriteRule ^(.*)$ http://websitename.com/assets/$1 [L,R=301]
Namecheap
Since you're using the Namecheap control panel, try this:
Make sure you have a slash at the end of the IP Address / URL box. So it should look like this:
HOSTNAME IPADDRESS/URL REDIRECTTYPE
assets http://websitename.com/assets/ URL Redirect
notice the slash at the end of http://websitename.com/assets/
I've been trying to limit access to a specific subdomain via the server port, e.g. it can only be accessed from subdomain.domain.com:8443 and no other ports.
I'm currently using hostgator for my webhost, and it's already been setup such that subdomain.domain.com points to the correct subdirectory.
Now in the htaccess file, I'm currently trying this:
Options +FollowSymLinks
RewriteEngine on
RewriteBase /subdomain
RewriteCond %{SERVER_PORT} !^8443$
RewriteRule ^ - [F]
RewriteCond %{SERVER_PORT} ^8443$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/subdomain/$1 [R=301,L]
As far as the blocking of other ports goes, it seems to work since accessing either subdomain.domain.com or www.domain.com/subdomain, I get a 403 forbidden page. But I can't get it to load the normal content correctly when I do access it via subdomain.domain.com:8443 or www.domain.com:8443/subdomain. Am I doing the rewrite conditions and rules correctly?
Thanks!
The R=301 tells the server to do a redirect, not a (silent) rewrite. So, when you load via 8443, the user is redirected to http://%{HTTP_HOST}/subdomain/$1 without the port 8443 specification and they are then blocked by the first rule. If you do a curl -I on subdomain.domain.com:8443 you should see the 301 redirect code rather than 200.
Remove the R=301 and remove the full domain specification in the final RewriteRule to leave:
RewriteRule ^(.*)$ subdomain/$1 [L]
This should do a silent rewrite of the content.
I have a WordPress site which works fine if I access it through the full name of the domain, example www.example.com. However if I try to access it without typing the www e.g example.com, I get the following error:
Origin http://example.com is not allowed by Access-Control-Allow-Origin.
The only solution I can think of is to append / rewrite any request to example.com to www.example.com. How can I achieve this with .htaccess?
Add this above any wordpress rules in your htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www\.%{HTTP_HOST}/$1 [L,R=301]
For those who encountered this with WordPress. I got it fixed by installing this plugin https://github.com/jacopotarantino/WordPress-Cross-Domain-Plugin and add the site into "Allowed Domains".