Apache: Disallow external access to directories via .htaccess - .htaccess

The goal is to prevent anyone other than the application itself from accessing the items within several specific folders.
Having read through some of the answers, I have:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://app.domain.co.uk/*
RewriteRule ^(folder1|folder2)$ - [L,F]
I've placed the .htaccess in the same folder as folder1 and folder2, but it's not blocking access from external sources.
I've tried forward slashes before the folder names, but that made no difference.
Also, we are using the app sub-domain, and we are using SSL, if that's of importance.
Any suggestions?

use this rule as your first rule in the .htaccess placed in parent folder of folder1, folder2:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://app\.domain\.com [NC]
RewriteRule ^/?(?:folder1|folder2)(?:/.*)?$ - [L,NC,F]
# rest of your rules go below this

Related

Need help in URL rewriting sub-domains

I recently registered a domain name kbcsurveyors.com. Then, I created two sub-domains, which created two new folders in the root folder.
My motive is that if I type kbcsurveyors.com/preinspection, it should point to preinspection.kbcsurveyors.com. Same for other sub domains.
In my .htaccess, which I placed inside root of mydomainname.com, I have written following lines:
RewriteEngine On
RewriteBase /
RewriteRule ^preinspection/(.*)$   https://kbcsurveyors.com/$1 [L,NC,QSA]   # Handle requests for "Preinspection"
But this file structure does not work. How do I write the .htaccess file to achieve what I want?
Regards
EDIT
I have asked a fresh question as this one has been messed up. Here is the link:How to rewrite rules for sub-domains
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^sub-domain1.mydomainname.com
RewriteRule ^(.*)$ http://mydomainname.com/$1 [L,NC,QSA]
If you want to redirect requests for a subdirectory to the appropriate domain, you can use the rules you have (or similar), but need to specify the scheme http:// and may use the R|redirect flag
RewriteRule ^sub-domain1 http://sub-domain1.mydomainname.com [R,NC,L]
If you also want to forward the requested path, you must capture it and use in the target
RewriteRule ^sub-domain1/(.*)$ http://sub-domain1.mydomainname.com/$1 [R,NC,L]

Mod Rewrite / Rewrite to Sub Directory

I've been trying to figure out mod_rewrite for days and I was wondering if you guys have any ideas
My primary domain is siteX.com, which maps to 'public_html' directory.
Recently, I added another domain, called siteY.com, and i marked 'public_html/siteY/public_html' as its root directory.
Now I'm trying to change my root directory for siteX, by mapping it to' public_html/siteX/public_html', but I when I implement mod_rewrite, it lets the users see the url to be 'http://www.siteX.com/siteX/public_html'. I need my primarly domain to map automatically to the correct directory with the using see only 'http://www.siteX.com'.
To better illustrate the directories im referring to.
public_html (siteX, my primary domain marks this as root directory)
- .htaccess file
- siteX
-public_html (siteX i want my primarily domain to mark this as root directory)
- siteY
-public_html ( siteY.com marks this as root directory)
I hope I made the problem clear. Thank you.
This is currently the rewrite rule I am using:
RewriteCond %{HTTP_HOST} ^(www.)?siteX.com [NC]
RewriteRule ^$ http://www.siteX.com/siteX/public_html/index.php
For my hosting company, I believe mod_rewrite is the only way to go
When you have http://www.siteX.com as part of the target in a RewriteRule, it automatically redirects the browser. It's like having the [R] flag. I think you want something like this:
RewriteCond %{HTTP_HOST} ^(www.)?siteX.com [NC]
RewriteCond %{REQUEST_URI} !^/siteX
RewriteRule ^(.*)$ /siteX/public_html/$1 [L]
To internally rewrite all requests for the host siteX.com to the /siteX/public_html/ directory.

Disable directory browsing for particular folders

I used the below to disable ,but my subdomains also not accessing .is there any code for only keeping for some folders ?
# disable directory browsing
Options All -Indexes
You can disable directory browsing using htaccess and mod_rewrite, and you'd be able to do it only under certain conditions. For example,in an htaccess file in the directory you want to disable directory browsing:
RewriteEngine On
RewriteCond %{HTTP_HOST} !subdomain.domain.com [NC]
RewriteRule ^$ - [L,F]
This will disable directory listing only if the host isn't subdomain.domain.com.
Or:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !123.45.67.89 [NC]
RewriteRule ^$ - [L,F]
This will disable directory listing only if the request isn't made from the IP: 123.45.67.89
Sounds like you put the code in a .htaccess file in your web root folder. You can instead use the same code in a .htaccess file in each of the folders you want to prevent directory browsing.

htaccess and rewriting my URLs

I'm trying to organise my websites with .htaccess, and I want to following configuration:
The URL of the main site has to be beta.example.com/portal/
The other sites should be in beta.example.com/othersite/
If users go to beta.example.com, they should be redirected 301 to
beta.example.com/portal/
beta.example.com/portal (without the trailing slash) should redirect to beta.example.com/portal/
/portal/ is not a physical file path on the server. I want all these sites to
be in a folder together, say /html/www/websites/
The folder the portal resides in, should not be located in
/html/www/websites/portal/, but I want to be able to switch the live
site to a new version (in a different folder) on the server, quickly,
invisible, without any downtime. This goes for all sites by the way.
I'm currently working with two or three .htaccess files: one in the root (www.), which directs beta.example.com to the folder /websites/
#RewriteBase / #should I use rewritebase or not?
/RewriteCond %{HTTP_HOST} ^beta.example.com$
RewriteRule (.*) websites/$1 [L,NC]
A .htaccess file is in the folder /websites/, and maybe another one or maybe not in the folder a site resides in.
RewriteBase /websites # or, not...
# rewrite the active site to the folder /portal_v1.0/
RewriteCond %{REQUEST_URI} ^/portal/
RewriteRule (.*) portal_v1.0/$1 [L]
# rewrite the root to /portal/
RewriteRule ^$ http://beta.example.com/portal/ [L,NC]
However, I still can't get this to work exactly the way I want. One problem is what beta.example.com/portal redirects to www.example.com/websites/portal/ , I don't want that. Help! Thanks in advance!

htaccess command to prevent master site access via subdirectory?

I have hosting setup with a master domain (mapped to the web root) and then a number of addon domains (each with their own folder within the web root). At the moment you can visit www.masterdomain.com/addondomainsubdir and reach the same page as you would if you visited www.addondomain.com (which maps to /public_html/addondomainsubdir). I want to prevent this so if you visit www.masterdomain.com/addondomainsubdir then it will do a 301 redirect to www.addondomain.com. The new addondomain.com site is a single page site so it does not have to map any additional pages.
Adding rules to the htaccess file in the web root does notaffect anything as the subdir exists which is wierd as i thought the htaccess command should work even if there is a matching subdir (i've tried the following which works when there's no matching subdir):
RewriteRule ^addondomainsubdir?$ http://www.addondomain.com [NC,R=301,L]
Logically given it's reaching this directory I figure i need to add a command within the htaccess file in the addondomainsubdir directory however nothing appears to have any effect (i've got various other rules setup and they work fine).
I would be massively grateful if anyone explain the best way to rectify this?
Thanks so much for your help,
Dave
I know this is an old post, but it has never been successfully answered. So for all of you finding this via search, this should do what the OP is asking.
Add this line to your .htaccess file:
redirect permanent /addondomainsubdir/ http://www.addondomain.com
Try these rules in your .htaccess:
Options +FollowSymlinks -MultiViews
RewriteEngine on
# for http
RewriteCond %{HTTP_HOST} ^(www\.)?masterdomain\.com$ [NC]
RewriteCond %{SERVER_PORT} =80
RewriteRule ^([^/]+)/?$ http://www.$1.com/ [R=301,L]
# for https
RewriteCond %{HTTP_HOST} ^(www\.)?masterdomain\.com$ [NC]
RewriteCond %{SERVER_PORT} =443
RewriteRule ^([^/]+)/?$ https://www.$1.com/ [R=301,L]
Instead of putting a rule in your main .htaccess, I would make make a .htaccess for each add-on domain, putting each one in the respective subdirectory.
RewriteEngine on
RewriteCond %{HTTP_HOST} masterdomain\.com$ [NC]
RewriteRule ^addondomainsubdir(.*)$ http://www.addondomain.com/$1 [R=301,L]

Resources