how to remove automatic adding '?q=' in htaccess when accessing subfolders - .htaccess

I have a folder in the root called 'php', and when I type a url like this in my site:
http://example.com/php
it turns like this:
http://example.com/php/?q=php
but if the folder doesn't exist, it does not add the '?q='. I've tried adding:
Options -Indexes
but still happens. my site uses 'q=' to access different pages and I don't want the users to know that there's folder/s existing if the url adds a '?q='. how can I remove or disable that? I'm still new to htaccess thanks!
Here is my current htaccess:
#
# Apache/PHP/msys settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(inc|profile|functions|pg|module|test|po|api|sh|ini|json|.*sql|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Set the default handler.
DirectoryIndex index.php index.html index.htm
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^([^\.]+)/?$ ?q=$1 [L]
</IfModule>
ErrorDocument 403 /example/error404
ErrorDocument 404 /example/error404

Related

Trailing slash vs no trailing slash NO REDIRECT

I have to be able to direct a GET or POST request when it comes in to
/eSCL/ScannerStatus
or
/eSCL/ScannerStatus/
TO
/eSCL/ScannerStatus/index.php
I am NOT looking for a redirect, as that is what I am getting now. (301 Permanently moved)
It is to say whether trailing slash or not, the request references a directory and I need to load index.php in that directory with NO redirect
I have reviewed the docs here
https://httpd.apache.org/docs/2.4/mod/mod_dir.html
and quite frankly it does not seem to work as stated or maybe I am missing a mod?
I have tried many variations .
I have run
sudo a2enmod rewrite
and
sudo a2enmod dir
both now show as enabled.
Apache 2.4 running on Raspberry Pi3
I have tried MANY MANY different rules and I also see in google results that this is a problem for many others trying to do the same. I see numerous "solutions" posted many of which do not work.
I see no reason to ressurect the 20+ mod rewrite attempts that I have made and failed . I am looking for what works without a redirect
Edit-UPDATE-------------------------------------------------
I just got back to this , deleted .htaccess, and now server refuses to load index.php and shows a directory listing instead.
This leaves me perplexed. I do not believe I need .htaccess for PHP files as it was not there before.
EDIT UPDATE 2------------------------------------
I managed to get back on track with some directives that seemed to go away for some reason.
I now have in /var/www/html/.htaccess
DirectorySlash Off
RewriteEngine On
RewriteRule ^eSCL/ScannerStatus/?$ eSCL/ScannerStatus/index.php [L]
RewriteRule ^eSCL/ScannerCapabilities/?$ eSCL/ScannerCapabilities/index.php [L]
RewriteRule ^eSCL/ScanJobs/?$ eSCL/ScanJobs/index.php [L]
RewriteRule ^eSCL/Scans/?$ eSCL/Scans/index.php [L]
in the global secion of apache2.conf I have (this is apparently what I had to do to get index.php files to load as default again):
<Directory "/var/www/html">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/scans/*">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerStatus">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerCapabilities">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScanJobs">
DirectoryIndex index.php index.htm
</Directory>
Here is what wireshark captures when requesting http://192.168.1.50/eSCL/ScannerStatus (no trailing slash)
HTTP/1.1 301 Moved Permanently
Date: Thu, 06 Feb 2020 16:56:00 GMT
Server: Apache/2.4.25 (Raspbian)
Location: http://192.168.1.50/eSCL/ScannerStatus/
Content-Length: 327
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache/2.4.25 (Raspbian) Server at 192.168.1.50 Port 80</address>
I have also specifically excluded the sites-enabled files in apache2.conf with
# Include the virtual host configurations:
# IncludeOptional sites-enabled/*.conf
I have also verified:
pi#raspberrypi:/etc/apache2 $ sudo a2enmod rewrite
Module rewrite already enabled
pi#raspberrypi:/etc/apache2 $ sudo a2enmod dir
Module dir already enabled
/eSCL/ScannerStatus
If ScannerStatus is a physical directory then by default, mod_dir will append the slash with a 301 redirect in order to "fix" the URL.
You need to override this behaviour and set DirectorySlash Off. You will then need to internally rewrite the request using mod_rewrite to the desired index.php document (instead of relying on DirectoryIndex as you would normally).
For example, in your root .htaccess file:
DirectorySlash Off
RewriteEngine On
RewriteRule ^eSCL/ScannerStatus/?$ eSCL/SCannerStatus/index.php [L]
Note that you will need to clear your browser cache as the 301 redirect to append the slash (by mod_dir) will most likely have been cached by the browser.
I do not believe I need .htaccess for PHP files as it was not there before.
You need .htaccess if you want to override default server behaviour and use physical directories without trailing slashes.
UPDATE:
<Directory "/var/www/html">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/scans/*">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerStatus">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScannerCapabilities">
DirectoryIndex index.php index.htm
</Directory>
<Directory "/var/www/html/eSCL/ScanJobs">
DirectoryIndex index.php index.htm
</Directory>
The <Directory> container applies to the stated directory and all subdirectories. So in the above, all except the first <Directory "/var/www/html"> container are not required.
However, there's nothing here that is enabling .htaccess overrides? And the behaviour you are currently seeing would seem to suggest that .htaccess files are not enabled - since the .htaccess directives don't appear to be doing anything.
TEST: Add any "nonsense" to the top of the .htaccess file. If .htaccess files are being processed then this will break horribly and result in a 500 Internal Server Error. If no error then the .htaccess file is being ignored (ie. .htaccess files are not enabled).
The rewrite we added in .htaccess to route requests to index.php negates the need for DirectoryIndex - but there is no harm adding this.
To enable .htaccess overrides you need to set AllowOverride in the relevant <Directory> container. For example:
<Directory "/var/www/html">
# Allow .htaccess files to override config directives
AllowOverride All
# Allow mod_dir to issue an internal subrequest for the DirectoryIndex
# when requesting /subdirectory/ (note the trailing slash)
DirectoryIndex index.php index.htm
# Access needs to be permitted (somewhere)
Require all granted
</Directory>
If you have access to the server config then you don't need .htaccess. All the directives in .htaccess (a directory context) can go directly in the relevant <Directory> container. (Although development/distribution requirements could make the use of .htaccess files easier.)
Incidentally, the DirectoryIndex directive can be used in .htaccess.
Aside:
As noted earlier, the above rewrite in .htaccess negates the need for DirectoryIndex index.php. However, they can be modified slightly to make use of this. For example (an academic excercise):
DirectoryIndex index.php
DirectorySlash Off
RewriteEngine On
# Note the different regex having removed "/?"
RewriteRule ^eSCL/ScannerStatus$ eSCL/SCannerStatus/index.php [L]
Now, a request for /eSCL/ScannerStatus (no trailing slash) is rewritten using mod_rewrite to index.php. But a request for /eSCL/ScannerStatus/ (with a trailing slash) is now handled by DirectoryIndex which returns index.php via an internal subrequest. With the earlier RewriteRule, both these requests were handled by mod_rewrite.
Note that the 4 rules for the 4 different sub-subdirectories can potentially be combined into a single rule.

htaccess block everything but index.php and folder public and files in it

I'm kinda new to htaccess, I'm trying to block everything but index.php, the folder public and the files it contain. I have googled around and got this so far. Its kinda working but it looks like the webserver dont have access to the files either. It opens index.php but no css,js or php files are included. I can also go to domain.com/folder/ and get to the index page but its empty i would want it to redirect to index.php if possible. And i also have no clue about how to open the public folder while everything else above is set.
AuthType Basic
order allow,deny
<Files ~ "^(index\.php|)$">
Allow from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
DirectoryIndex index.php
Replace all of your code with this mod_rewrite rule in your site root .htaccess:
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(?:index\.php$|public/|.+\.(?:jpe?g|gif|png|ico|tiff|css|js)$) [NC]
RewriteRule . - [F]
This rule will block everything except public/ folder, index.php or any other file ending with .css, .js, images etc.

Subdomain not working due to Options -Indexes

Subdomain display 403 error due to "Options -Indexes" in .htaccess.
How to denied directory listing while permitting to Subdomain directory to work?
QUICK ANSWER
Define your DirectoryIndex in the httpd.conf
EXAMPLE
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
AFTER THAT
Add an index.php or index.html file on your subdirectory.
The file you are adding must be the file you want to see when you access the subdirectory. The name & extension must match the values defined in the DirectoryIndex directive.

Codeigniter doesn't work without index.php

I'm using MAMP with alias named works.
Codeigniter is at localhost/works/project/web
controllers doesn't work without index.php before them (localhost/works/project/web/index.php/auth/register)
$config['base_url'] = 'localhost/works/project/web/'; //with http://
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
(I tried all of them for uri_protocol)
I created and edit .htaccess file at /User/me/works/project/web/
I tired all the .htaccess files about this issue.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /Users/me/works/project/web
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#‘system’ can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn’t true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#This last condition enables access to the images and css folders, and the robots.txt file
#Submitted by Michael Radlmaier (mradlmaier)
RewriteCond $1 !^(index\.php|images|robots\.txt|css)
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don’t have mod_rewrite installed, all 404’s
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
creates error, which is:
[error] [client ::1] File does not exist: /Users/me/works/project/web/auth
it is same when I use RewriteBase /
mod_rewrite is active in phpInfo.
I couldn't find the solution.
Your RewriteBase is wrong. It should not be the relative file path for your server, it should be the relative URL path for your rewrite rules and such. More info here.
If you've ever used HTML's <base> tag, it's pretty much the same principle. If your main localhost URL is http://localhost, and your project is in the subfolder http://localhost/my-project, then you would use RewriteBase /my-project/.
If you didn't use RewriteBase, and your project is in a subfolder, you'd have to add the subfolder to every one of your URLs and rewrites, like this:
RewriteRule ^(.*)$ /my-project/index.php/$1 [L]
Food for thought:
Start your .htaccess files as simple as possible. The more you throw at it right away, the more that can go wrong, and the harder it is to debug. Especially if you're a noob to .htaccess files. Don't blindly copy and paste -- figure out what things actually do.
The system folder access part is redundant now -- the system folder has its own .htaccess to restrict requests, just like the application folder.
1.Make below changes in application/config.php file
$config['base_url'] = 'http://'.$_SERVER['SERVER_NAME'].'/Your Ci folder_name';
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
2.use this in .htaccess file:
RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
and enable rewrite mode using below command
a2enmod rewrite
and Edit the file /etc/apache2/sites-enabled/000-default
change the AllowOverride None to AllowOverride All.
and finally Restart your server
You certainly don't have mod_rewrite on or you did not install it with MAMP
Open your httpd config file and change
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
To
AllowOverride All
uncomment this line:
#LoadModule rewrite_module libexec/apache2/mod_rewrite.so
Also make some changes to users here: /etc/apache2/users/username.conf
LoadModule php5_module libexec/apache2/libphp5.so
DocumentRoot "/Users/username/where/ever/you/like"
<Directory "/Users/username/where/ever/you/like">
Options Indexes MultiViews +FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Get more info here http://adam.merrifield.ca/2010/08/09/apache-mod_rewrite-php-and-os-x-10-6-snow-leopard/
Restart MAMP
To find out if mod_rewrite is on, follow this answer in Stackoverflow:
How to check if mod_rewrite is enabled in php?
Just to be sure your .htaccess is not the issue, could you try this one. It's been tested:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /Users/me/works/project/web/
# If the start of the URL doesn't match one of these...
RewriteCond $1 !^(index\.php|robots\.txt|assets|cache|themes|uploads|css|images|js)
# Route through index.php
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
Access to certain folders are granted above and the rewritebase has a trailing slash.
Make sure you have any other nested .htaccess overriding this very one.
I fixed the problem by instead of using .htacces, I write them to httpd.conf.
I checked the AllowOverride is All but I'm not sure why .htaccess isn't working. Because of I lost too much time with this issue, I'm going to use this way.
Thanks for the answers.
Use AllowOverride All on your vhost:
<Directory "/path/to/your/site">
....
AllowOverride All
</Directory>
Open your httpd config file
LoadModule rewrite_module modules/mod_rewrite.so then AllowOverride All
<Directory "C:/xampp/htdocs"> //example for xampp
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I have installed codeigniter in a url like the format: http://11.12.34.45/~project/
I tried different suggestions and finally this following url provided the solution:
https://ellislab.com/expressionengine/user-guide/urls/remove_index.php.html
You need to change two files of Apache,
httpd.conf
httpd-vhosts.conf
change this in httpd.conf
<Files ".ht*">
Require all denied
</Files>
to,
<Files ".ht*">
Require all granted
</Files>
and add below code in httpd-vhosts.conf,
<VirtualHost *:8000>
ServerName localhost
DocumentRoot c:/wamp64/www
<Directory "c:/wamp64/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Allow from all
</Directory>
</VirtualHost>

403 error when access controller in subfolder (CodeIgniter)

This is my application skeleton:
application
controllers
backend
[backend_controllers_here]
[frontend_controllers_here]
models
[shared_models_for_both_backend_and_frontend]
views
backend
[backend_views_here]
[frontend_views_here]
...
system
index.php
.htaccess
This is my .htaccess file content:
Options -Indexes
Options +FollowSymLinks
# Set the default file for indexes
# DirectoryIndex index.php
<IfModule mod_rewrite.c>
# activate URL rewriting
RewriteEngine on
# do not rewrite links to the documentation, assets and public files
RewriteCond $1 !^(images|assets|uploads|captcha)
# do not rewrite for php files in the document root, robots.txt or the maintenance page
RewriteCond $1 !^([^\..]+\.php|robots\.txt)
# but rewrite everything else
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 index.php
</IfModule>
It's nothing wrong when I type on address-bar something like these (for frontend):
mysite.local
mysite.local/index.php
mysite.local/index.php/frontend_controller
mysite.local/frontend_controller
But for backend I had a 403 error when try to access:
mysite.local/backend
mysite.local/backend/some_backend_controller
However, with index.php in URL everything is fine.
mysite.local/index.php/backend
mysite.local/index.php/backend/some_backend_controller
Am I missing something here?
Thanks for your time!
check the permission for the backend folder. it maybe prevents the webserver from reading the actual content of the directory.
The permission should allow reading for everyone
What does your config/routes.php look like? Might try something like this:
$route['backend'] = "backend/controller/method";

Resources