LiteSpeed Settings - Shared Hosting - .htaccess

I put my site on a Shared Hosting which uses Litespeed.
I know that it is possible to override the Connection Timeouts set on the Litespeed Server, locally in the .htaccess file.
<IfModule Litespeed>
RewriteEngine On
RewriteRule .* - [E=noconntimeout:1]
</IfModule>
I need to override the following directive: Max Request Body Size. Is it possible to override it inside .htaccess or only on the server?
Reason is I need to upload files bigger than 500 MB and it seems that this is blocked.

Unfortunately to change Max Request Body Size requires a Server Level change. There is currently no .htaccess rule to override it at this time.
You might want to contact your Shared Hosting Provider to see if they can increase the limit for you.

Related

Block access for traffic to fake PDF pages

I have a lot of 404 hits to my site to PDF pages that have never existed on the site. These are all spammy-subject.pdf URLs. I get tens of these per day, which is much higher than genuine site traffic.
I'm currently adding 410 rewrites for each.
Can I use htaccess rule to totally block this traffic from reaching this site? Before it becomes a 404?
Can I use htaccess rule to totally block this traffic from reaching this site?
You can use .htaccess to prevent the request from being routed through a CMS such as WordPress, Joomla, etc. that uses a front-controller pattern - if that's what you mean by "site". However, the request has already reached your server by the time the .htaccess file is processed, so doing anything in .htaccess isn't necessarily going to help a "static site".
If you are already returning a 404 (or 410) - before it reaches your site - then the issue is already resolved.
The only potential issue is if the requests are being routed through your CMS and the 404 is being triggered by your CMS, not Apache. This would suggest you have the directives in the wrong place in your .htaccess file (or not present at all)? Blocking directives like this need to be at the top of your .htaccess file, before any existing rewrites.
For example:
# Prevent 404 request being routed unnecessarily through CMS
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.pdf$ - [NC,R=404]
There's no advantage to serving a 410 Gone instead of a 404 unless these files previously existed and you are trying to remove them from search engines (or telling 3rd parties they no longer exist).
UPDATE:
Should this code be at the very top or after the opening Wordpress rule: RewriteEngine On ?
It needs to be at the very top, before the # BEGIN WordPress comment marker (you should avoid manually editing the code in the WordPress section since WordPress itself maintains this section and your edits will be overwritten).
Yes, this is before the RewriteEngine On directive. You do not need to repeat the RewriteEngine directive. The location of the RewriteEngine directive does not actually matter. If there are multiple instances of this directive in the file then the last instance wins and controls the entire file. (It is a quick way to effectively comment out all the mod_rewrite directives in the file by simply placing a RewriteEngine Off directive at the very end.)

Rewrite with haccess an old url with unknown subfolders to a an url with only the first "subfolder" from old url

I'm trying to do a weird redirect in htaccess but i don't know how to do.
I have old urls like:
1. www.oldsite.com/known-old-folder/unknown-subfolder-1
2. www.oldsite.com/known-old-folder/unknown-subfolder-2/unknown-second-subfolder-1
i have to redirect respectively to new urls like:
1. www.newsite.com/known-new-folder/unknown-subfolder-1
2. www.newsite.com/known-new-folder/unknown-subfolder-2
I don't want to consider "unknown-second-subfolder-1" if present.
How can i do in htaccess?
I don't know what to do in my RewriteRule to ignore the "unknown-second-subfolder-1" if present.
Thanks a lot
You may use this redirect rule in known-old-folder/.htaccess:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/known-old-folder/(.+) [NC]
RewriteRule ^ http://www.newsite.com/known-new-folder/%1 [L,NE,R=301]
Sounds pretty straight forward. You need to implement a redirection along the lines of the following rule inside your old site's configuration:
RewriteEngine on
RewriteRule ^/?(?:[^/]+)/([^/]+)/? https://new.example.com/new/$1 [R=301]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
This implementation will work likewise in the http servers host configuration or inside a distributed configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a distributed configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using distributed configuration files (".htaccess"). Those distributed configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Mass redirect urls through .htaccess

I changed the path of some urls and would like to get some help if possible, to create a rule in my .htaccess to redirect them in bulk.
The old url were like this one: https://www.mastersol.gr/hliakoi-thermosifones-solar/epilektikoi/mastersol-plus-wifi/product/430-160-2-plus-wifi-mastersol
The new urls are like this one: https://www.mastersol.gr/iliakoi-thermosifones/epilektikoi/mastersol-plus-wifi/product/430-160-2-plus-wifi-mastersol
As you can see, I changed only the part /hliakoi-thermosifones-solar/ to /iliakoi-thermosifones/ and I need to 301 redirect all /hliakoi-thermosifones-solar/ urls to /iliakoi-thermosifones/.
Could you help on this?
Thanks!
The task appears to be straight forward: you implement a rule matching only those requests still using the old pattern, capture the stuff following after that token to be changed and redirect (or itnernally rewrite) to a newly assembled URL:
For an external redirection:
RewriteEngine on
RewriteRule ^/?hliakoi-thermosifones-solar(.*)/?$ https://www.mastersol.gr/hliakoi-thermosifones$1 [R=301,END]
For an internal rewrite:
RewriteEngine on
RewriteRule ^/?hliakoi-thermosifones-solar(.*)/?$ /hliakoi-thermosifones$1 [END]
If you receive back an http status 500 (internal server error) using those rules then chances are that you are using a very old version of the apache http server and have to use the [L] flag instead of the [END] flag.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug, they really slow down the http server, often for nothing and they can open pathways to security nightmares. They are only provided for situations where you do not have access to the real http servers host configuration (read: really cheap service providers).

How to block access to a website if its directly accessed with it's IP address using a .htaccess file?

I would like to know how to prevent visitors of my website to access it using the website's IP address. I want to do this through a .htaccess file. I just want it to say "Forbidden" when they try it. But if they visit the website using it's domain name they have access.
There may be a better way, but this will work:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^$
RewriteRule ^ - [F,L]
If there is nothing in the host header, it returns forbidden. There would be an empty host header for access by IP.
A better way is to put a default <VirtualHost> in the config for that IP, so requests by IP never get served by the site. I guess this may not be an option for you since you requested a .htaccess solution. The above method blocks HTTP 1.0 clients but that's really not much of a concern these days.

Blocking direct access to an URL (not a file)

A drupal site is pushing International traffic over quota on my (Plesk 10.4) server, and it looks as though much of that of that (~250,000 visits/month) is direct access to the URL /user/register. We are already using the botcha module to filter out spambot registrations, but that approach is resulting in two full pages being served to each bot. And while Drupal
I'm thinking that a .htaccess rule which returns a 403 response to that URL unless the referer is from the site might be the way to go, but my .htaccess-fu is not strong, and I can only find examples for blocking hot-linking of images.
What do I need to add and where?
Thanks,
Richard
You'd be checking against the HTTP referer. It's not a guarantee way to block incoming traffic linked from a site other than yours, since the field can be easily forged. But you can try adding this to the htaccess file (above any rules that are already there):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?your-domain\com/ [NC]
RewriteRule ^user/register - [L,F]

Resources