I want to protect a file from user but let my javascript get it !
So i use a .htaccess to protect like this
# Do not remove this line or mod_rewrite rules and search engine friendly URLs will stop working
RewriteBase /
<Files "bd.xml">
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>
But my xml query script return me this :
TypeError: xml is null
(The probleme come from the .htacces, if i remove it all is good)
So i Require your help !Event if it's not with the .htacces ! All i need to do is to avoid user to see the xml document but allow my script to get it !
Related
When I browse example.com/img it shows all the directory contents. This leads to security problem . How to redirect these kind of url requests to example.com but without using htaccess
Best practice usually suggests adding these lines to your Apache config to disable directory listing:
<Directory />
Options -Indexes
Order allow,deny
Allow from all
</Directory>
But this will simply deny users access to the URL example.com/img. If you'd like to redirect as well, you could add an index.php file to each directory you'd like to redirect from in addition to making the Apache config change. The index.php file should contain:
<?php
header("Location:".$_SERVER['DOCUMENT_ROOT']);
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
I have recently installed Solr on server and i want to restrict only local users can access it with .htaccess
site.com:8983/solr/admin [ restrict all user]
And below is the .htaccess code
RewirteRule on
<FilesMatch "127.0.0.1:8983/solr/admin">
Order Deny, Allow
Deny form all
Allow 127.0.0.1
</FilesMatch>
Or is there any method we can protect / restrict Solr Admin on site.com:8983/solr/admin accessing from other users
Only local ip users can use it..
And i tried this one, but its not working.
Your <FilesMatch "127.0.0.1:8983/solr/admin"> line will never match anything because you've stuck the hostname and port in the regular expression. Try using the Location container instead:
<Location "/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Location>
Or better yet, Directory:
<Directory "/path/to/your/document/root/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Directory>
You'll need to fill in the full path to the solr/admin directory.
Get rid of the RewirteRule on line, it doesn't do anything and it's not even spelled right and will cause a 500 error.
However, neither of these directives can be use in an htaccess file. You need to use these in either the server of vhost config. If you must use an htaccess file, then create an htaccess file in your solr/admin directory and simply put these directives in it:
Order Deny, Allow
Deny from all
Allow 127.0.0.1
Or, in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteRule ^/?solr/admin - [L,F]
Check following links. Hope they will help you.
Restrict Solr Admin Access
Solr Security
Securing Solr administrative console
How to protect Apache Solr admin console
Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.
To prevent my Ajax files from direct acccess I did this:
I put all files in a common directory called "ajax" and put this in an .htaccess file in the same folder. This is my directory structure:
/var/www/html/ajax
<Directory "/var/www/html/ajax">
order allow,deny
Deny from all
Allow from 127.0.0.1
</Directory>
But this produces server error 500. .htaccess use is enabled in my server along with mod-rewrite. Please help.
The Directory directive is not allowed in your .htaccess file. see http://httpd.apache.org/docs/2.0/mod/core.html#directory. However, you can achieve the same result by simply placing the code you have in the .haccess in the /var/www/html/ajax directory, without the Directory directive
order allow,deny
Deny from all
Allow from 127.0.0.1
<Directory> is a directive that's not supported in .htaccess files, it's core and vhost specific.
For an .htaccess file, the directive is superfluous and must be omitted, because the directory is implied by the location of the .htaccess file.
Simply remove <Directory> and its closing "tag" and it should work.