I'm using ReWrite Rules to control access to the site, when using an ip address my structure works fine.. however there is a particular provider who uses many different ip ranges which all reverse to their same domain "abc123.com", how would I express all of their ranges such as: *.abc123.com in my rewrite? the following is what i'm using for ip's:
RewriteCond %{REMOTE_ADDR} ^123\.456\.789\.012
RewriteRule ^ - [R=403,L]
and i'd like to do something like:
RewriteCond %{REMOTE_ADDR} ^*.abc123.com
RewriteRule ^ - [R=403,L]
how would I express all of their ranges such as: *.abc123.com in my
rewrite?
You can use a couple of ways and try to do this. This will use referrer and if it doesn't match your host you it will deny access.
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"
RewriteRule ^ - [F]
or you can use remote host.
RewriteCond %{REMOTE_HOST} \.abc123\.com$ [NC]
RewriteRule ^ - [F]
If you have DNS lookups turned on in your Apache/VirtualHost config using this directive:
HostnameLookups On
then you can use REMOTE_HOST variable for remote host name as:
RewriteCond %{REMOTE_HOST} \.abc123\.com$ [NC]
RewriteRule ^ - [F]
Related
I'm trying to say:
For all IP Addresses that are not within the 110.140 or 110.10 ranges. If they are trying to access a URL that begins with "stage." then redirect them to the same URL but remove the "stage." portion of the string from the url.
RewriteCond %{REMOTE_ADDR} !^(110\.(140|10)) [NC]
RewriteCond %{HTTP_HOST} ^stage\. [NC]
RewriteRule stage\.(.*) https://$1 [R=301,L]
When using just the last two lines in made with love htaccess tester the last line fails (is not met). I haven't tested the code on a server.
Update:
After reading the Apache RewriteRule Directive details, I realized that the RewriteRule Directive does not search the HTTP_HOST, only the things after that. Therefore this approach will not work. Does anyone have an approach that will work?
Looks like your hostname starts with stage. not the URI. You may use this rule:
RewriteCond %{REMOTE_ADDR} !^110\.(140|10)
RewriteCond %{HTTP_HOST} ^stage\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
I need to allow site access to only development team accessing from IPs 111.111.111.111 and 222.222.222.222 and for the rest of the visitors would like to show temporary maintenance page brb.html
I tried this with the following condition and rewrite rule and it got into a redirect loop. Any insights on how to make this work?
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^222\.222\.222\.222
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111
RewriteCond %{SCRIPT_FILENAME} !^brb.html
RewriteRule ^.*$ /brb.html [R=307,L]
Note: IPs used above are not the real ones.
You can use:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(222\.222\.222\.222|111\.111\.111\.111)
RewriteRule !^brb\.html$ /brb.html [R=307,L]
And test in a new browser.
!^brb\.html$ in rewrite rule pattern will stop looping for you.
SOLUTION:
Because of CloudFlare I had to use RewriteCond %{HTTP:X-FORWARDED-FOR} instead of RewriteCond %{REMOTE_ADDR}
I have a problem, I want to secure the admin panel of my website using .htaccess but its a CGI script.
from WebBrowser it looks like: http://mysite.com/?op=adminpanel
of course its /cgi-bin/index.cgi?op=adminpanel
I've tried with:
<files index.cgi?op=adminpanel>
order deny,allow
deny from all
allow from my.ip.address
</files>
but not working, works when I use <files index.cgi></files> but the whole site got 403 error for everyone except for my ip
now i'm testing with:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !( my.IP)
RewriteCond %{QUERY_STRING} !(?op=adminpanel)
RewriteRule index.cgi - [F]
any help will be greatly appreciated
Per this article you can do it like this:
Let's say you want to block IP address 123.255.123.255 from accessing the page www.mydomain.com/index.php?option=com_my_special_component. Here is how you could write the rule:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
The first line just turns on URL rewriting. The second line matches the IP address (use backslashes before each dot), the third line matches the querystring (ie. anything that comes after the ? in the URL) - in this case it would match if option=com_my_special_component comes anywhere in the URL after the ? (eg. index.php?id=1&option=com_my_special_component&action=dostuff would still match with this rule). The [NC] at the end of that line tells it to apply the rule regardless of whether any of the characters in the URL are uppercase or lowercase. The final line redirects the user to index.php with a 'forbidden' header - so they will get an error message in their browser, and tells mod_rewrite to stop interpreting any further rewrite rules.
If you want to ban multiple IP addresses, you can add new lines for them, but you need to add an [OR] flag to the end of each line except the last one - for example:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^124\.255\.124\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Since you are block access to an admin page, you probably want to only allow your IP. In that case you would just put an exclamation mark in front of the IP address to say if it's any IP other than this one, then rewrite.
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.255\.123\.255
RewriteCond %{REMOTE_ADDR} !^124\.255\.124\.255
RewriteCond %{REMOTE_ADDR} !^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Hope that helps.
Try this in the .htaccess file :
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=10.0.0.1
RewriteCond %{REMOTE_ADDR} !=10.0.0.2
RewriteCond %{REMOTE_ADDR} !=10.0.0.3
RewriteRule ^(.*)$ - [R=403,L]
if the url begins with /admin and the remote address is not one of the three listed, send the browser on its merry way.
reference : https://www.concrete5.org/community/forums/chat/restrict-urls-starting-with-abc-to-specific-ips-.htaccess-guru
you can change this line (RewriteCond %{REQUEST_URI} ^/admin) to this :
RewriteCond %{REQUEST_URI} .*/admin
for very url contain "/admin".
I have multiple domains in one virtual host like aliases: example.com is primary, example1.com and example2.com are aliases
I need to rewrite multiple domains into single entry point passing it via GET query param discaring the www prefix for example :
HOST -> rewrite to
www.example1.com/some/path -> [example.com]/index.php?q=domain/example1.com/some/path
example2.com/some/path -> [example.com]/index.php?q=domain/example2.com/some/path
my current .htaccess doesn't work as supposed
RewriteRule ^(.+) %{HTTP_HOST}$1 [C]
RewriteRule ^(.*)/(.*) index.php?q=domain/$1/$2 [L,QSA]
Update1
Trying to use RewriteMap - rewrite.map it follows
example-site.com www.examplesite.com
www.example-site.com www.examplesite.com
.htaccess
RewriteMap host2site txt:/var/www/rewrite.map
RewriteRule ^(.*)$ index.php?q=/domain/{host2site:$1|NOTFOUND} [PT]
but it crashes with 500 server error :(
Try
RewriteCond %{HTTP_HOST} !=example.com [NC]
RewriteRule ^(.*)$ http://example.com/index.php?q=domain/%{HTTP_HOST}/$1 [L,QSA]
I want to allow access to specific domains. For example if domain contains the word asdf it should allow access. I final attempt before asking was:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^.*asdf.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} !^.*1234.*$
#RewriteRule .* - [F]
So here I tried to restrict access to all but domains that contain asdf or 1234.
You need to use %{HTTP_HOST} for checking the domain in URL instead of %{HTTP_REFERER}.
Can you try this code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^.*(asdf|1234)\. [NC]
RewriteRule .* - [F]
Anubhava gave me a clue but not with the http_host. Finally the problem was the OR.
Now the following worked like a charm:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^.*(1234|asdf).* [NC]
RewriteRule .* - [F]
So HTTP_REFERER did what it should do (check the domain accessing). And the | worked as the or argument I needed.