I have html files and has no html extension, when I link to this files apache downloads file instead open it.
How can I serve this html files? (with htaccess)
Note: I need this to serve more than 10k html files not for single special file
Per the documentation for the <Files> directive you can use wildcard strings with ? and *, and nest the Files directives inside Directory directives, to target any number of files without explicitly defining their names. Within the directive, use AddType or ForceType as you need. If you want to target all files, for example, and serve them all with the same mime type (in this example, HTML), then you might use:
<Files "*">
ForceType text/html *
</Files>
Related
I have adapted the .htaccess on my WordPress site and made additions such as the activation of GZIP.
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Then I put a rule in the subfolder that should prohibit access to certain pages.
<FilesMatch "connection\.php|data\.php|protection\.php">
order allow,deny
deny from all
</FilesMatch>
Of course, I wanted the rules created in the root folder to also apply to the additional rules in the subfolders (of course only in the respective folders). Today I read a article that made me suspicious in which I read that a .htaccess file in a subfolder completely overwrites a .htaccess file from a parent folder and not adds the new specific points and only when a new point is added to a point from the higher-level folders which is suppose it gets overwritten. So I tried it out and in my opinion it is not true because, according to GZIP Tester, the files are also got zipped in the folder where I don't add this
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Here is a diagram from the page where I found this article.
It's German, but I think you will understand that. (Verzeichnis = Root folder, Unterverzeichnis = subfolder)
The question is what's right, did I make a mistake and have to re-list the rules every time I want to extend the root folder in each .htaccess file (in sub-folders) or was the text on the website just wrong?
From the official Apache docs (https://httpd.apache.org/docs/current/howto/htaccess.html#how):
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. However, it is important to also remember that there may have been .htaccess files in directories higher up. Directives are applied in the order that they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files found higher up in the directory tree. And those, in turn, may have overridden directives found yet higher up, or in the main server configuration file itself.
I need to make PDF files that are stored in a folder (with subfolders) outside of the web root publically accessible by a plain URL. An alias has been created in Apache that leads this folder so what I need now is a redirect rule in .htaccess to make this work.
I have this alias: https://www.examplesite.com/certificate
The URLs that will be used to access these PDFs are for example: https://www.examplesite.com/certificate/2018/LGOIGD9E9345034GJERGJER.PDF
https://www.examplesite.com/certificate/2017/GSDFJGLKJNL345L34LSNFLSD.PDF
How should I format my redirect rule in .htaccess to decide if the file is to be downloaded or viewed in the browser?
Sorry about the noise, I found the answer by myself:
<FilesMatch "\.pdf$">
ForceType applicaton/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
I have a files directory for my image storage in my web root folder, i want to know how to secure that folder. i prevent people from uploading scripts to that folder, i check file extensions, if it is not an image then it will not save to that folder.
but faking extensions are done easily, what happens if someone manage to upload a script to my files directory and access that from the browser
so i need a way to prevent scripts from running inside that folder and only allow images to run.
i know htaccess can do that but i dont know how to set it up. my .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
but it is not working, i saved a php file in that folder then tried to accessed it from the browser and i can still access it. do you know how to make this work? or if you have more secure approach to this, please tell me.
thank you
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
RemoveType application/x-httpd-php php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you dont want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</Files>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.
How would I tell the browser to force download all file types in a directory instead of rendering them inside the browser?
I've tried this but it didn't work.
<Files *.*>
ForceType applicaton/octet-stream
</Files>
This would be better tasked with:
<Files *.*>
Header set Content-Disposition attachment
</Files>
I use this with a FilesMatch instead of Files. Below is an example with text-based files
<FilesMatch "\.(?i:doc|odf|pdf|rtf|txt)$">
Header set Content-Disposition attachment
</FilesMatch>
I'm not sure that is possible. But you can use a mod_rewrite to a .php file with the file name in the GET part of the URL. Then extract the file name and force a download through that. If you want some download code, just ask
Can someone explain what the difference is between AddType and AddHandler in htaccess files? I want to make the settings such that I can have a javascript file (.js) be run through the server as though it were a php file (application/x-httpd-php5) but then sent to the user's browser as a (text/javascript) file. How might i configure this?
AddHandler http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler tells the server how to handle the file type. AddType http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype tells the server what MIME type to give the client.
I doesn't sound like a great idea to parse all .js files as php. I would suggest using a .htaccess Rewrite directive to map the .js files in question, to your php script.
RewriteRule /phpjs/.* /phpjs/js.php
Then add
header("Content-Type: text/javascript");
to your php output.