I have some rules that deny access to a contact form from certain IP addresses as below
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
#restrict access to contact form
RewriteCond %{REQUEST_URI} ^.(index.php/)?contact(.*) [NC]
RewriteCond %{REMOTE_ADDR} ^81\.136\.137\.239
RewriteRule ^(.*)$ / [F,L]
Before I put the https rewrite in the restrictions to the contact form worked OK.
After forcing all traffic to https I am able to get to the contact form even from IP addresses specifically restricted.
Is there something in the REQUEST_URI line that is not picking up https connections? (I would like it to restrict access on both http and https if possible but if not then just https)
Go to contact folder and make .htaccess and put the following code inside it :
deny from 81.136.137.239
if you have more IP add them like example above
update
If it is file try this :
RewriteEngine On
RewriteCond %{REQUEST_URI} contact
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.239
RewriteRule ^(.*)$ / [F,L]
For more IPs :
RewriteEngine On
RewriteCond %{REQUEST_URI} contact
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.239 [OR]
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.230 [OR]
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.220
RewriteRule ^(.*)$ / [F,L]
Related
I have a main domain and many subdomains on it now i want to redirect main domain to its HTTPS and other domains to its subdomain for example:
main.com redirects to https://main.com
domain1.com redirects to domain1.main.com
domain2.com redirects to domain2.main.com
now i using this
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^www.main.com [OR]
RewriteCond %{HTTP_HOST} ^main.com [NC]
RewriteRule ^(.*)$ https://www.main.com/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
this code redirect main.com only and other domains must check in index.php and redirect to specific subdomain, i want to perform whole work in htaccess.
This probably is what you are looking for:
RewriteEngine On
RewriteBase /
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(?:www\.)?main\.com
RewriteRule ^ https://www.main.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} !^(?:www\.)?main\.com
RewriteCond %{HTTP_HOST} ^(?:www\.)?([^.]+)\.com
RewriteRule ^ https://%1.main.com%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
It makes sense to start out using a R=302 temporary redirection at first and only change that to a R=301 permanent redirection once everything works as desired.
Obviously this requires that requests to those other domains are handled by the http host which implements this rule set. So you most likely want to define either host aliases for those domains or use a default virtual host inside your http server.
I want to make redirection from http to https.
I try to use this .htaccess code
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
but that show the public folder in the url,
more explain my site is www.example.com white this code is going like this www.example.com/public/
I have this code is my .htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?$1 [L,QSA]
and I want to make the redirection to a specific domain, if the users try for example : example.com, I need to redirect to www.example.com
any solution ?
That is happening because you're also requesting the URI in the RewriteRule. You need to change the rules to the following:
RewriteEngine On
RewriteCond %{HTTPS} !on [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
You can see this rule working here with the /public/ URI and it going to https://example.com only. Make sure you clear your cache before testing this.
The domain name 2nicksplumbing.com that is privately registered is being indexed by Google and directed to NicksPlumbing.com
I have attempted the following to block it with no luck...
Blocked the domains ip in cPanel
Deny method in .htaccess file
RewriteCond method in .htaccess file (code below)
Can anyone suggest why I cannot block this domain name from pointing to our site?
Options +FollowSymLinks
RewriteEngine On
ErrorDocument 404 https://www.nicksplumbing.com/404.html
RewriteCond %{HTTP_REFERER} 2nicksplumbing\.com [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP_HOST} ^nicksplumbing\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^nicksplumbingrepair\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.nicksplumbingrepair\.com [NC,OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.nicksplumbing.com/$1 [L,R=301]
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ https://www.nicksplumbing.com/$1 [R=301,L]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I see you've tried to block the domain using HTTP_REFERER, the other method to try is using the env=bad directive:
SetEnvIfNoCase Referer "2nicksplumbing\.com" bad_referer
SetEnvIfNoCase Referer "www\.2nicksplumbing\.com" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
The above will allow access to your website from everything that isn't on your bad_referer list. For more information you can read the Apache Documentation for this.
Clear your cache before testing this.
I will add however, it doesn't seem like this private domain is doing harm to your website? It is simply referring traffic to your website.
I have a https website which has a hidden user area. From there the users has a link which links to a http site. With a referrer the site makes sure that the userers are coming from my site. Other access attemps are blocked.
Since my webstie change to https, there referrer is not working anymore.
My solution attempt so far:
Inside my htaccess I want to stop the https for only one file on the site. Where the link is. My htaccess so far.
ErrorDocument 404 /404.php
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/Mitgliederservice/Infoline/index\.php$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
I don't understand whether you want to exclude one page or force only one page to https so , if you want to exclude one specific page use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
otherwise use the following code :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/path/to/yourpage\.php$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R]
Is it possible to apply redirect before Deny/Allow IP blocking with .htaccess file?
I tried following, but instead of redirect users that are not whitelisted were blocked so it means that Deny/Allow part was executed even they should be redirected. The redirect part is working fine as I tested it without any IP blocking. I expected that [L] flag in rewrite would "stop" the .htaccess execution before reaching the IP blocking part.
RewriteCond %{HTTP_HOST} !^blog\.mysite\.com$ [NC]
RewriteRule (.*) http://www.mysite.com [L,NC,R=301]
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
Why I'm doing this is because I should protect access to http://www.mysite.com/blog while still showing same 404 as is shown by the site for other invalid pages. If doing IP block first I cannot show the same 404 page generated by site framework.
Am I doing something wrong or its just not possible to do like this?
You could use a rewrite condition to check the ip address:
RewriteEngine On
RewriteBase /
#always redirect blog.mysite.com to www.mysite.com
RewriteCond %{HTTP_HOST} ^blog\.mysite\.com$ [NC]
RewriteRule (.*) http://www.mysite.com [L,NC,R=302]
#don't redirect if the accessDenied.php page is accessed
RewriteCond %{REQUEST_FILENAME} ^accessDenied\.php$
RewriteRule (.*) - [L]
#redirect all not whitelisted IPs
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111 [or]
RewriteCond %{REMOTE_ADDR} !^222\.222\.222\.222
RewriteRule (.*) accessDenied.php [R=302,L]
#only whitelisted IPs will use this rewrite rule
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?/$1 [L,R=302]
If the ip matches, the second rewrite rule will not be met, so nothing will happen. But if the ip doesn't match, the user will be redirected to your 404 error page.