Suppose I have 2 website #1) domain1.com and #2) domain2.com
I want that only domain1.com visitor can visit domain2.com other websites like example.com can't visit my website.
When they visit it show error :)
<Limit GET POST> Deny from all Allow from domain1.com </limit>
I also tried this:
RewriteCond %{HTTP_REFERER} ^https?://movienoe.com
You can do that using order deny,allow, put this into your .htaccess:
order deny,allow
deny from all
allow from domain1.com
This will deny everyone access unless they visit via domain1.com
You can then redirect the users who're not coming from domain1.com to another page of your choosing, I've put in a 404 page just as an example, but you can change this to whatever you like:
RewriteCond %{HTTP_HOST} !^www\.domain1\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.domain2.com/404.html [L,R,NE]
For Apache 2.4:
You can use an IF directive since you're using 2.4:
<If "%{HTTP_HOST} != 'www.domain1.com'">
Redirect / http://www.domain2.com/404.html
</If>
and for the order deny,allow you would use:
Require all denied
Require host domain1.com
Related
I want to restrict access to a file "test.txt" with .htaccess
The problem, I'm on a multisite and I want only one domain to access to the file eg. mydomain.com/test.txt
When other domain trying to access, it should denied them: otherdomain.com/test.txt
Multisite is sharing the same files but different db.
<Files "test.txt">
Order deny,allow
deny from all
allow from mydomain.com
</Files>
You may use this deny rewrite rule instead of allow/deny:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(?:www\.)?mydomain\.com$ [NC]
RewriteRule ^test\.txt$ - [NC,F]
Normally I create IP restrictions with adding following snippet in .htaccess:
<Limit GET POST>
order deny,allow
deny from all
allow from 23.98.431.9
allow from 123.456.78.9
allow from 9.876.54.32
allow from 555.333.2.33
</Limit>
Above snippet works perfectly if only one domain is pointing to webroot. But how can I add an IP restriction for only one domain if multiple domains point to the same webroot? For example:
www.example.com
wwww.examplewebsite.com
wwww.exampleawesome.com
All above domains are pointing to the same webroot. But now I need to restrict access for only www.example.com (certain IPs are allowed to see the site). How can I achieve this?
Thank you so much!
You can use mod_rewrute rules for this in root .htaccess like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$ [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.com$ [NC]
RewriteCond %{REMOTE_ADDR} !^(23\.98\.431\.9|123\.456\.78\.9|9\.876\.54\.32|555\.333\.2\.33)$
RewriteRule ^ - [F]
i need .htaccess code to redirect and ban ip's ,i mean if i try to load www.site.com with 123.456.789.101 ip address allow me, but if someone else try to load ,redirect them to other subdomain like sub.site.com , i write below code but dont work correctly.
<Limit GET POST PUT> Order Deny,Allow
Deny from all
Allow from 123.456.789.101
</Limit>
301 redirect / http://new.site.com
<Files otherpage.html>
Order Allow,Deny
Allow from all
</Files>
please help , Tank You
Replace your Limit block and 301 redirect with this:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.101$
RewriteRule ^(.*)$ http://new.site.com/$1 [L,R=301]
So that it's above your Files block (though I'm not sure why you'd need that)
I have an ecommerce site, and I want to enable https only on the ecommerce section of the site located at https://mysite.com/buy
Since all of the links on my pages are relative, when someone visits http://mysite.com and clicks on Buy, they are taken to http://mysite.com/buy
Also, if they visit https://mysite.com/buy and click on a link to another page, they are taken to https://mysite.com.
The reason I want https only on that one section is because I have external elements (i.e. Google Maps, Youtube, Twitter, etc) that cannot be sent over https.
Is there a way with htaccess that I can make the /buy directory force https, but every other page force http?
Edit:
In case anyone is interested, I was able to solve this using PHP. I would still prefer an htaccess solution, but this will work for now:
if($_SERVER['HTTPS'] == "on") {
if(strpos($_SERVER['REQUEST_URI'],"buy") === false) {
Header("Location: http://$_SERVER['HTTP_HOST']."".$_SERVER['REQUEST_URI']");
}
}
Try this in your .htaccess file:
Options +FollowSymLinks
RewriteEngine on
# redirect for http /buy page
RewriteCond %{SERVER_PORT} =80
RewriteRule ^buy/?$ https://mysite.com/buy [R=301,QSA,L,NE]
# redirect for https non /buy pages
RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/buy [NC]
RewriteRule ^/?(.*)$ http://mysite.com/$1 [R=301,QSA,L,NE]
R=301 will redirect with https status 301
L will make last rule
NE is for no escaping query string
QSA will append your existing query parameters
NC is for ignore case comparison
$1 is your REQUEST_URI
I don't have hands on experience, but from what I see, it looks like the htaccess configuration file should impact only the files in the folder in which the file is stored.
So you should be able to do something like this:
http://www.besthostratings.com/articles/force-ssl-htaccess.html
And put it in the /buy folder of your site.
If your web page is hosted on 9001 port just enable any port on your linux box and make these changes in /etc/httpd/conf.d/ssl.conf.Then set your Listen Port to 9002 and create SSL certificate and key and put following configuration in your httpd.conf file
Listen 9001
<VirtualHost *:9001>
ServerAdmin root#localhost
DocumentRoot /mnt/work/httpd
<Directory "/mnt/work/httpd">
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateKeyFile /etc/httpd/www.test.example.com.key
SSLCertificateFile /etc/httpd/www.test.example.com.crt
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.test.example.com:9002%{REQUEST_URI}
and your .htaccess file should look like this
AuthType Digest
AuthName "Protected"
AuthDigestProvider file
AuthGroupFile /dev/null
AuthUserFile /mnt/work/httpd/digest_auth
Require user username**
I have got lots of ideas from google and stackoverflow- but none of those was exactly what i am looking for. here is scenario-
I have bought a hosting space from a provider. I had to provide a domain name(let abc.com) as the primary domain of that hosting space.
Then i have found that i have to put all the contents for that rimary domain(abc.com) into the document root directly. that is no directory like www/abc or www/abc.com.
Then I googled and found lots of .htaccess solution. I picked the following one-
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} abc.com
RewriteCond %{REQUEST_URI} !^/abc.com/(.*) [NC]
RewriteRule ^(.*)$ /abc.com/$1
I have just paste above lines at the end of the existing .htaccess file (default).
It was working fine. I have been using www/abc.com directory for my abc.com domain from then.
Recently I have added some subdomains (let xyz.abc.com) to my abc.com domain. But it is behaving strange with me. all subdomains are looking for its contents from abc.com/subdomain (eg. abc.com/xyz.abc.com)
This time i am getting no solution over google (i may missed it).
Someone help me please- i am in bad shape.
EDITED:
Following lines were in WebRoot .htaccess from the beginning. After that I have added additional lines as mentioned above(3,4)
# -FrontPage-
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName abc.com
AuthUserFile /home/abc/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/abc/public_html/_vti_pvt/service.grp\
EDITED AGAIN:
There are some other domains(except the main domain abc.com) in the same hosting space. Those domains have some working sub-domains. But sub-domain of main domain is not working as i explained above.
Change
RewriteCond %{HTTP_HOST} abc.com
to
RewriteCond %{HTTP_HOST} ^abc.com$
Now the rules do not match your subdomains anymore.
Update
# catch www.abc.com and abc.com (and wwwwwwwwwww.abc.com)
RewriteCond %{HTTP_HOST} ^(w+\.)?abc\.com$