I am trying to set up Amazon CloudFront that it works well.
Everything works fine, exept for access-control-allow-origin "*"
I added inside my .htaccess file the following:
<ifModule mod_headers.c>
<FilesMatch \.(eot|ttf|otf|svg|tif|tiff|woff)$>
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</ifModule>
And checking the file direclty on the server, it works fine:
curl -I https://domain.com/fonts/font.woff
I get the result Access-Control-Allow-Origin: *
But when I check it for the Amazon CloudFront url, it does not work. It is not added to the header.
I also added the "Origin" to the whitelist, see:
But it still does not work, it is not added to the header.
EDIT:
When I create a new .woff file and load it over CloudFront Access-Control-Allow-Origin: * is still not edit. So I still miss something, what am I missing?
See my header:
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=iso-8859-1
Content-Length: 0
Connection: keep-alive
Date: Fri, 23 Dec 2016 08:05:32 GMT
Server: Apache/2
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Location: https://domain.com/fonts/font_2.woff
Cache-Control: max-age=2592000
Expires: Sun, 22 Jan 2017 08:05:32 GMT
Age: 21
X-Cache: Hit from cloudfront
Via: 1.1 9635c619f121d7a236fe1312f20e5f1b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ygkldos5hh6s5AwolxfL5nzoxsNJPl-vpmeoNZ8fEGSKPVCgzbIFtg==
What am I missing?
EDIT 2:
Looks like it is because of my current https redirect in .htaccess. See:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
How to solve this?
It read in cache maybe. If you can restart your IIS it can be fixed or wait.
Related
I have an redirection when 404 is served with apache:
ErrorDocument 404 https://my404.com/image.jpg
# other rewrite rules that cannot be affected
How can I set no-cache header only when redirection above is applied?
From this answer How to prevent http file caching in Apache httpd (MAMP) put the folowing code at .htaccess file :
<filesMatch "image\.jpg$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
I need to disable remotely downloading my web pages using curl/wget.
I want to disable curl -vv http://www.example.com
and I need to get a result like this
**
Rebuilt URL to: http://www.example.com/ Trying 12.34.56.78...
TCP_NODELAY set Connected to www.example.com (12.34.56.78) port 80
(#0) GET / HTTP/1.1 Host: www.example.com User-Agent: curl/7.53.1
Accept: / HTTP/1.1 301 Moved Permanently Server: AkamaiGHost
Content-Length: 0 Location: http://www.example.com/ Date: Mon, 13
Nov 2017 05:52:50 GMT Connection: keep-alive Connection #0 to host
www.example.com left intact
**
I am using Apache, Using Cloudflare.
Please help me
You can disable wget and curl with the rules below:
RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
Just add them to .htaccess.
On my development server running xampp on windows my .htacess rewrite rules are working fine. Once we went to our live server which is running Linux core 3.8.0-21-generic #32-Ubuntu SMP Server version: Apache/2.2.22 (Ubuntu), our rules which do not contain parameters no longer work, yet rules which do have parameters are working.
Options -Indexes
<filesMatch "\.(html|htm|txt|js|htaccess)$">
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
</filesMatch>
ErrorDocument 404 /404.php
RewriteEngine On
#Main site rules
RewriteRule ^login/?$ login.php [NC,L]
RewriteRule ^contact/?$ contact.php [NC,L]
The above rules which go to contact.php and login.php do not work. But, this more complicated rule with parameters is working:
RewriteRule ^game/([a-zA-Z0-9]+)/?$ handles/handle-game-select.php?name=$1 [NC,L]
Is there differences between the two server environments which is causing this to occur?
Also, it appears that if we do something strange such as: RewriteRule ^contact.x contact.php [NC,L] we are able to reach contact.php...
Very confused on this one.
Thank you for any help.
I suspect that is due to enabling of MultiViews option. Add this line on top to disable it:
Options -MultiViews
Option MultiViews is used by Apache's content negotiation module that runs before mod_rewrite and and makes Apache server match extensions of files. So /file can be in URL but it will serve /file.php.
I have a url
api/something/json?callback=abc and I want to redirect it to
dothis.php?strEndPoint=something&callback=abc&format=json
The base htaccess I tried was:
RewriteRule ^api/(.)/(json)?callback=(.) client.php?strEndPoint=$1&callback=$3&format=($2)
Doesn't appear to work : p
tested
using .*
RewriteEngine On
RewriteCond %{QUERY_STRING} callback\=(.*)
RewriteRule /api/(.*)/(json) /client.php?strEndPoint=$1&callback=%1&format=$2 [R=301]
you can remove r=301 just for test
$ curl localhost/api/1111/json?callback=2222 -I
HTTP/1.1 301 Moved Permanently
Date: Fri, 01 Nov 2013 03:16:25 GMT
Server: Apache/2.2.24 (Unix) DAV/2 mod_ssl/2.2.24 OpenSSL/0.9.8y
Location: http://localhost/client.php?strEndPoint=1111&callback=2222&format=json
A request to http://localhost/SAMPLE-CODES/backbone-mysql-reading-json/websites
gets redirected as follows:
> Request URL:http://localhost/SAMPLE-CODES/backbone-mysql-reading-json/websites
> Request Method:GET
> Status Code:301 Moved Permanently
Response headers:
> HTTP/1.1 301 Moved Permanently Date: Thu, 06 Sep 2012 14:32:41 GMT
> Server: Apache/2.2.17 (Win32) mod_ssl/2.2.17 OpenSSL/0.9.8o PHP/5.3.4
> mod_perl/2.0.4 Perl/v5.10.1 Location:
> http://localhost/SAMPLE-CODES/backbone-mysql-reading-json/websites/
> Content-Length: 417 Keep-Alive: timeout=5, max=100 Connection:
> Keep-Alive Content-Type: text/html; charset=iso-8859-1
I am not sure what causes this redirect.
I have the following .htaccess in folder c:\xampp\htdocs\SAMPLE-CODES\backbone-mysql-reading-json\:
.htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
This is probably because of the mod_dir and the DirectorySlash directive that's doing the redirect. With it on, when apache looks at a URI and thinks it's accessing a directory, and is missing the trailing slash, it 301 redirects to the URI with the trailing slash. It's always turned on by default because there's an information disclosure security issue if you have it turned off. But if you are routing everything through an index.php script, it may not even matter and you can turn it off by simply adding DirectorySlash Off in your htaccess file (and turn it on for directories that you can access directory, like css or js or images, etc.