I have 2 websites. On website 1 im showing my entire website 2 in iframe. I want to block access to website 2 except if traffic is coming from website 1. I have tried something in httaccess file but it doesn't seem to work.
This is on webcite 2.
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^https://www.1.com
RewriteRule ^ - [L]
I think you did opposite, please try below rule.
RewriteEngine On
RewriteBase /
# block referers which are not www.1.com
RewriteCond %{HTTP_REFERER} !^www.1.com
RewriteRule ^ - [L]
Related
In short, my website has a single payments page. SSL certificate is installed but is not required apart for that one payments page.
With regards to my .htaccess file - I currently separate my payments page with the following code. I also block visitors from semalt.com. Can't remember exactly why, but I think I was receiving unwanted attention (spam) from them at the time.
What I would like to know is:
is this code still valid 5 years on?
do I need to address canonicalization by directing to either a www or non-www version of mywebsite (importantly without affecting that one important https payments page); is it necessary?
1. Options +FollowSymlinks
2. RewriteEngine On
3. RewriteBase /
4. # RewriteCond %{HTTP_HOST} !^example\.com$ [NC]
5. # RewriteRule .* http://example.com%{REQUEST_URI} [L,R=301]
6.
7. RewriteCond %{HTTPS} off
8. RewriteRule ^payment\.html$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
9.
10. # block visitors referred from semalt.com
11. RewriteEngine on
12. RewriteCond %{HTTP_REFERER} semalt\.com [NC]
13. RewriteRule .* – [F]
14. # End semalt block
15. # block referer spam buttons for website
16. RewriteEngine On
17. RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
18. RewriteRule ^.* - [F,L]
19. # End buttons for website block
20.
21. ErrorDocument 404 /404.html
The main thing I would address is that you are only redirecting to HTTPS for your payments page. You should be forcing HTTPS for your entire site - everywhere. These days browsers alert users to the fact that they are browsing an insecure connection if on HTTP (Google Chrome states "Not Secure" next to the URL), which doesn't do anything for user trust. This is the main thing that would have changed in the last 5 years - HTTPS is mandatory everywhere.
There is no good reason not to use HTTPS everywhere these days.
Assuming the rest of your site is already HTTPS "ready" (I assume it must be and you aren't sending users back to HTTP from your payment page?!) then change the HTTP to HTTPS redirect to include your entire site:
# HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
2) do I need to address canonicalization by directing to either a www or non-www version of mywebsite (importantly without affecting that one important https payments page); is it necessary?
Yes, you should. You already have the directives at the top of your .htaccess file - but they are commented out? You may have already set the rel="canonical" element in the head of your pages, but otherwise, if www and non-www are both available then this is potentially duplicate content (same content available from 2 or more different URLs). You need to decide which: www or non-www? Which do you currently favour? Which (predominantly) is already indexed? Which does your payments page use? (Hopefully, the answer is the same to all the above.)
Also redirect directly to HTTPS as part of this redirect. And this should go before the current HTTP to HTTPS redirect (the same order as currently in your .htaccess file):
# Redirect to non-www
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
Note that the above www to non-www redirect assumes you are not using any other subdomains. To redirect to www.example.com, just change both instances of example.com.
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* – [F]
Ok, if it helps - check your server logs if this is doing anything for you. But change the .* regex to ^ (marginally more efficient). And any blocking directives should be at the very top of the file (you don't want to bother canonicalising these requests).
RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com
RewriteRule ^.* - [F,L]
Again - OK, it helps (does it?!). Optimise the regex as above. No need to backslash escape literal hyphens in the CondPattern (unless they appear in the middle of a character class). The L flag is not required when used with F.
Other notes:
No need to repeat the RewriteEngine On directive.
You do not need the RewriteBase / directive with your current directives.
It's clearer to define your ErrorDocuments at the top of the file.
Summary
Bringing the above points together we have:
Options +FollowSymlinks
ErrorDocument 404 /404.html
RewriteEngine On
# block visitors referred from semalt.com
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule ^ – [F]
# block referer spam buttons for website
RewriteCond %{HTTP_REFERER} buttons-for-website\.com [NC]
RewriteRule ^ - [F]
# Redirect to non-www
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
# HTTP to HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Currently, my site has this url format:
https://example.com/blog/news.php?read=article-title-here
I would like to change this url to:
https://example.com/news/article-title-here
Any idea how to do this please? I tried this method but see no changes in the browser bar(even after emptying the cache):
RewriteCond %{QUERY_STRING} ^read=(.*)$
RewriteRule ^news/?$ %1.php? [R=301,L]
Also, where should the htaccess file be written?
in https://example.com/
or
https://example.com/blog/
Thank you in advance!
Ben
You can use in your https://example.com/.htaccess:
Options -MultiViews
RewriteEngine on
RewriteBase /
# external redirect from actual URL to pretty one
RewriteCond %{THE_REQUEST} \s/+blog/news\.php\?read=([^\s&]+) [NC]
RewriteRule ^ /news/%1? [R=301,L,NE]
# internal forward from pretty URL to actual one
RewriteRule ^news/(.+?)/?$ blog/news.php?read=$1 [L,QSA,NC]
We have a domain where every page is set to https in .htaccess.
There is also a 2nd domain for the Irish version of the site, where we don't have a certificate, so we need the pages to be set to http.
We also want to ensure both domains are set to www.
To further complicate the matter, users can login to part of the site, and we want those pages to be secure. What we plan is to detect the Irish domain and login page and redirect to the main domain.
I can code individual parts of this in .htaccess, but I am not sure how to code the whole scenario without it getting horribly complicated, messy and difficult to debug. I also don't want to double redirect pages unnecessarily.
So in summary:
(www.)example.com -> https://www.example.com
(www.)example.ie -> http://www.example.ie
(www.)example.ie/login.php -> https://www.example.com/login.php
I would be grateful for any help, haven't been able to find any similar scenarios. Thanks.
There's multiple ways of doing this. Assuming you're differentiating based on the host header (vs, say, using unique IP-based virtual hosts), you could do something like:
# Special case for Irish login page
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.ie$
RewriteRule ^/login\.php$ https://www.example.com/login.php [R]
# By default use HTTPS
RewriteRule .* - [E=CORRECT_REQUEST_SCHEME:https]
# For (www.)example.ie use HTTP
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.ie$
RewriteRule .* - [E=CORRECT_REQUEST_SCHEME:http]
# Ensure www prefix
RewriteCond %{HTTP_HOST} ^example\.(com|ie)$
RewriteRule ^(/.*)$ %{ENV:CORRECT_REQUEST_SCHEME}://www.example.%1/$1 [R]
# Ensure correct request scheme
RewriteCond %{HTTPS} =off
RewriteCond %{ENV:CORRECT_REQUEST_SCHEME} =https
RewriteRule ^(/.*)$ https://%{HTTP_HOST}/$1 [R]
Edited code to reflect Avi's solution. For some reason it's still not forcing www, and it's not forcing https for the .com site. Unfortunately running under Apache 2.2.29 on our production web server we can't use "REQUEST_SCHEME":
RewriteEngine on
RewriteBase /
Options +FollowSymLinks
## ERROR DOCUMENT PROCESSING ##
ErrorDocument 403 /404.php
ErrorDocument 404 /404.php
ErrorDocument 410 /410.php
## ERROR DOCUMENT PROCESSING ##
## TRAP REQUESTS FOR IMAGE DOES NOT EXIST ##
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} \.(gif|jpg|jpeg|png)$
RewriteRule .* /products/sq/250sq/no_image_available.jpg [R]
## FORCE URL CHANGES FOR DOMAINS ##
# Special case for Irish login page
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.ie$
RewriteRule ^/login\.php$ https://www.example.com/login.php [R]
# By default use HTTPS
RewriteRule .* - [E=CORRECT_REQUEST_SCHEME:https]
# For (www.)example.ie use HTTP
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.ie$
RewriteRule .* - [E=CORRECT_REQUEST_SCHEME:http]
# Ensure www prefix
RewriteCond %{HTTP_HOST} ^example\.(com|ie)$
RewriteRule ^(/.*)$ %{ENV:CORRECT_REQUEST_SCHEME}://www.example.%1/$1 [R]
# Ensure correct request scheme
RewriteCond %{HTTPS} =off
RewriteCond %{ENV:CORRECT_REQUEST_SCHEME} =https
RewriteRule ^(/.*)$ https://%{HTTP_HOST}/$1 [R]
I know there are a lot of answers available for this but none of them worked for me. I am stuck with this very familiar issue. I have made a website wherein i have to make customised urls for all my franchisees. But all these customised urls should take back to homepage.
Eg. if franchisee enters following url : www.example.com/franchisee/john it should redirect the franchisee to www.example.com but the browser url should remain www.example.com/franchisee/john
I have tried this by modifying .htaccess file but it shows page not found(404) error. Any help will be appreciable. I am new to .htaccess.
Here is .htaccess code :
RewriteCond %{REQUEST_URI} ^.*/franchisee/[a-zA-Z0-9_\.\-]+$
RewriteRule ^(.*)$ / [P]
EDIT :
Here is the complete .htaccess file. This file is present under the docroot folder:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
Options +FollowSymLinks -MultiViews
RewriteCond %{REQUEST_URI} ^/franchisee/[a-zA-Z0-9_\.\-]+$
RewriteRule ^franchisee/[\w.-]+/?$ / [L]
</IfModule>
You don't need to use proxy or P flag here. Use this rule without R flag to silently rewrite to /:
RewriteEngine On
RewriteRule ^franchisee/[\w.-]+/?$ / [L]
I've created an .htaccess file that contains redirects for one site that is part of a larger WordPress Multisite install.
The .htaccess content starts with this (necessary because the same .httacess file must be used for multiple sites:
RewriteCond %{HTTP_HOST} ^mydomain.com [nc]
And then contains a series of rewrites, like so:
RewriteRule ^about-my-site$ about [R=301,NC,L]
If I visit mydomain.com/about-my-site, I am correctly redirected to mydomain.com/about
However, if I visit mydomain.com/about-my-site/ (please note trailing slash), I get a "Page not found" error.
Change your RewriteRule to
RewriteRule ^about-my-site/?$ about [R=301,NC,L]
These rules should go before your WordPress rules, make sure that rewriting is on, and set a rewrite base of / -
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} mydomain.com [NC]
RewriteRule ^about-my-site/? about [R=301,NC,L]
</IfModule>
Test here: http://htaccess.madewithlove.be/
input url
http://mydomain.com/about-my-site/
output url
http://mydomain.com/about
debugging info
1 RewriteEngine On
2 RewriteBase /
3 RewriteCond %{HTTP_HOST} mydomain.com [NC] This condition was met
4 RewriteRule ^about-my-site/? about [R=301,NC,L] This rule was met, the new url is http://mydomain.com/about
Test are stopped, because of the R in your RewriteRule options. A redirect will be made with status code 301