I have my files in the root directory on 000webhost. This is the public_html folder. In the example given in the link below, the files in a folder are prevented from direct access.
Deny access to all files in a directory unless a specific php page is referrer
I would like to keep all my files in the root directory public_html rather than putting some in a separate folder. I also would like to prevent direct access to any file except for login.php, which I intend to login to my home page home.php. How would I go about changing the last line from the above link to refer to my root directory instead of a sub folder, and add exception to login.php?
RewriteEngine On
RewriteCond %{HTTP_REFERER} !login.php
RewriteRule ^uploads/downloads/ - [L,R=404]
I would like to modify the third line RewriteRule ^uploads/downloads/ - [L,R=404] so that
Instead of referencing the folder uploads/downloads/ I reference my root directly public_html in 000webhost, because all my files are placed there for convenience.
I add exception to my login page login.php, so that my login.php can be directly access while no other file can be directly accessed.
Related
I have a site https://sitename.com/web (example). So, full path to page is sitename.com/web/index.php. On ftp server there is folder /web which also contain second page file - index-2.php. How to avoid creating /web-2/ folder and redirect index-2.php to sitename.com/web-2 ?
Easy, create an .htaccess file inside the root folder of your site, then add the following lines to it:
RewriteEngine On
RewriteRule ^web-2$ index-2.php [QSA,L,NC]
This site might help you with htaccess:
https://www.htaccessredirect.net/
A nice tutorial on .htaccess files also below:
https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
i am sorry if this question has been ask before.
I have a folder that look like: project/version/download.zip
but the thing is i have multiple project folder and with multiple version folder
where I have a few files that i do not want anyone to access to in version folder but i want to allow user to access to download.zip
my question is how do i block access to other files but allow user to download the zip?
as for the file is just a File type.
or should i just transfer the zip file to some other folders and put deny from all in the project folder?
Please advice ^^ thank you
if your folder where your zip file resides, try adding .htaccess file with following in it:
Order Allow,Deny
Deny from all
<FilesMatch "\.zip$">
Order Deny,Allow
Allow from all
</FilesMatch>
Assuming you don't have .htaccess files in your version folders yet. If you have mod_rewrite enabled you should be able to do something like this:
First add a .htaccess file to the version folder. Add the following to that file
RewriteCond %{REQUEST_URI} !(download\.zip|grumpycat\.png)$
RewriteRule ^ [F,L]
Since the .htaccess file is in the version folder, all filenames are automatically prefixed with version/. It will block access to all files in that folder, and subfolders without .htaccess, except for download.zip and grumpycat.png. You can simpy copy and paste this file in any subfolder you want to restrict access to.
Alternativelly, if you alter the code slightly, you can instead make a .htaccess in your document root. You would do something like this:
RewriteCond %{REQUEST_URI} ^/(version|version1337|version9001)
RewriteCond %{REQUEST_URI} !(download\.zip|grumpycat\.png)$
RewriteRule ^ [F,L]
Now the requested url must begin with version, version1337 or version9001 and must not end with one of those filenames to trigger the forbidden error. Otherwise the file will be shown.
I have a folder in my public_html directory named landingPages which obviously holds all our Landing Pages.
The problem is all the URLs on Google AdWords etc. are set to the public_html folder, for example:
http://www.example.com/landingPage1.php
Putting all the files in the new landingPages directory was done to clear up the public_html directory and seperate everything a bit but changing all the URLs is something we want to avoid.
I want that if you go to to http://www.example.com/landingPage1.php in the browser that it actually loads whats inside the landingPages folder so it calls http://www.example.com/landingPages/landingPage1.php in the background.
I have tried a few things but can't seem to find a catch all version to determine if whatever is requested in the browser is present in the landingPages folder and if so to re-direct or if this sort of catch all request is at all possible.
If not, I guess I would have to manually create rules for each file I want re-directed including any future created Landing Pages which is what I am trying to avoid here.
put this code in your .htaccess under the website root directory, this will check if the file exists in landingPages folder, if so, it will load the content of that file.
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/landingPages/$1 -f [NC]
RewriteRule ^([^/]+)$ /landingPages/$1 [L,QSA]
Current URL
http://www.example.com/admin/data/img/gallery/myimages.jpg
http://www.example.com/admin/data/content/mycontents.html
So
Current SCRIPTS / HTMLS / FILES OF WEBPAGE CONTAIN and shows in browser source code
<img src="/admin/data/img/gallery/myimage.jpg">
<?php include("/admin/data/content/mycontents.html"); ?>
This is "CMS system" in a folder named "admin"
What i want to do is Hide the admin folder from every script /php/html output to browser.
So no body can see or search engines can't capture this area (Security concern)
So when the browser output the content or script it will rewrite the above urls to this
Removing the admin
http://www.example.com/data/img/gallery/myimages.jpg
http://www.example.com/data/content/mycontents.html
Inside browser source code
<img src="/data/img/gallery/myimage.jpg">
or
removing the data too
http://www.example.com/img/gallery/myimages.jpg
http://www.example.com/content/mycontents.html
Kindly help also it must work for www.example.com as well as example.com
Solution through htaccess and mod_rewrite
i do not have access to httpd.conf
Also i do not want to move the folder a lots of scripts are there in the folder so have to write a lot.
Also tell me where should i place it in the root or in the admin folder
Thank you
You could try adding this to the .htaccess file in your document root (where the "admin" folder is in):
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/admin/data/%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}/admin/data/%{REQUEST_URI} -d
RewriteRule ^(.*)$ /admin/data/$1 [L]
The conditions check that if the request URI gets prepended with "/admin/data/", if it points to an existing file or directory. If it does, then rewrite the URI so that there's an "/admin/data/" in front of the request. If you don't want to be able to map directories into /admin/data, then remove the second condition (the one with -d) and remove the [OR] flag from the first.
Ok, I'm clueless here...
I need to rewrite a directory structure and all sub-directories within it to a directory within the same server, but a root that is before the directory.
For example:
http://www.mydomain.com/Themes/default/css/folder
and all directories called upon after folder. Such as folder/sub_folder or folder/afolder/anotherfolder, it needs to include ALL sub-directories within the folder directory.
should be redirected to this:
http://www.mydomain.com
How do I do this via a .htaccess file within the folder path http://www.mydomain.com/Themes/default/css/folder?
Please someone help.
Thanks guys :)
The files within the directory structure still need to be accessible for that structure when called via PHP, but I don't want people being able to browse to http://www.mydomain.com/Themes/default/css/folder and be shown all subdirectories within that folderpath and/or all files. Same thing for all sub-directories that follow that folder path.
I'd like to be able to place the .htaccess file within the http://www.mydomain.com/Themes/default/css/folder directory on the server, but don't know exactly what code to use for this.
ALSO, even more challenging... The domain name can change, so I'd rather not use the domain name within the .htaccess file, instead perhaps use .. or . to go up a directory or a different method of grabbing the domain name within the .htaccess file.
Create a .htaccess file in /Themes/default/css/folder and place these lines there (it requires mod_rewrite):
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ http://%{HTTP_HOST}/ [R=301,L]
It will redirect (301 Permanent Redirect) all requests to a folder to a homepage. If file is requested, it will allow it.
If you want to have it working for folders as well as files then remove the RewriteCond line -- it will redirect ALL requests (even for non-existing URLs) to a homepage.
If you will see "500 Internal Server Error" after creating such file, then it is your server configuration: mod_rewrite may not be enabled or it's directives (RewriteRule, RewriteCond, RewriteEngine) are not allowed to be placed in .htaccess. In any case -- check Apache's error log for exact error message (it will give you the exact reason).
http://www.besthostratings.com/articles/prevent-directory-listing.html
IndexIgnore *