Trying to get
www.example.com/admin
and allow ip x.x.x.x
if not this ip (x.x.x.x)to go directly to
www.example.com/
#/vhdocs/example/web/docroot/application/controllers/admin
What I've tried:
RewriteEngine on
RewriteBase /
# RewriteCond %{HTTP_REFERER} ^http://example.com/admin$
# RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.x$
# RewriteRule ^/* http://www.example.com [L]
What am I doing wrong?
Mostly correct, but too complicated. Try this instead:
RewriteEngine on
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^x\.x\.x\.x$
RewriteRule ^/?admin$ http://www.example.com [L,R=301]
This version should work both in .htaccess style files and in the http servers host configuration. Note that you should only use .htaccess style files if you really have no other choice. Those files are notoriously error prone, hard to debug and they really slow down the server, often for nothing. They are only provided as a last option for those who do not have access to the host configuration and who cannot implement such logic in a routing script.
Related
Our website is allowing any prefix/subdomain before the domain.
So if our site is www.domain.com, then the server is allowing;
www.anything.domain.com, where 'anything' can be literally anything, and it displays whatever is on the page that actually exists.
So, www.anything.domain.com/something.php displays the content that should only be accessible via www.domain.com/something.php.
Is there any way using .htaccess to stop this from happening, or redirect it to the version that does actually exist?
Or does this need to be done on the server?
Does anyone know why this is being allowed?
Ideally, this should be configured in server configuration files (also, you can configure DNS to simply not resolve unwanted hostnames, but that is for another question probably).
If you don't have access to server configuration, you can do it in .htaccess:
# to block access if any domain except example.com or www.example.com was used
RewriteEngine On
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ - [F]
or
# if any domain except example.com or www.example.com was used,
# redirect the request to www.example
RewriteEngine On
RewriteCond %{HTTP_HOST} !=www.example.com
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ http://www.example.com%{REQUEST_URI} [R=301]
I'm working on my website link architecture. I would like to redirect with my .htaccess already rewritten URL to a new one to keep my incoming links active.
www.website.com/profile-info/ to www.website.com/profile/
This is my actual working .htaccess :
Options +FollowSymlinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_URI} /profile-info/?$ [NC]
RewriteRule . models.php [L]
So in order to redirect /profile-info/ to the new URL : /profile/ . I end up with this code. However it redirects /profile/ to /profile-info/.
RewriteCond %{REQUEST_URI} /profile/?$ [NC]
RewriteRule . /profile-info/ [L,R=302]
I think this is what you are looking for:
RewriteEngine On
RewriteMap /
RewriteRule ^/?profile-info/?$ /profile [END,NE,R=301,QSA]
RewriteRule ^/?profile/?$ models.php [L,QSA]
It is a two step strategy:
redirect "old" links pointing to /profile-info to the new /profile
internally rewrite /profile to models.php
You may have to change the RewriteMap, this obviously depends on your situation.
And a general hint: you should always prefer to place such rules inside the http servers host configuration instead of using .htaccess style files. Those files are notoriously error prone, hard to debug and they really slow down the server, often without reason. They are only provided for situation where you do not have access to the host configuration (read: really cheap hosting providers) or in case an application needs to write its own rules (which is an obvious security nightmare...).
You can use these 2 rules:
Options +FollowSymlinks -MultiViews
RewriteEngine On
# redirect /profile-info to /profile
RewriteRule ^profile-info/?$ /profile [R=301,NE,L]
# rewrite /profile to /models.php
RewriteRule ^/?profile/?$ models.php [L,NC]
In the Apache 2.4 docs on dynamic virtual hosts, it says:
Mass virtual hosts with mod_rewrite
Mass virtual hosting may also be accomplished using mod_rewrite, either using simple RewriteRule directives, or using more complicated techniques such as storing the vhost definitions externally and accessing them via RewriteMap. These techniques are discussed in the rewrite documentation.
I'm attempting to use mod_rewrite instead of mod_vhost_alias because I want it both ways: localhost/project and project.dev should point to the same folder, but either URL should work.
Here's my latest attempt (currently in an .htaccess), which gets me a lovely 500 error.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.dev$ [NC]
RewriteRule ^(.*)$ /%1/$1 [L,QSA]
If I do
...
RewriteRule ^(.*)$ http://localhost/%1/$1 [L,QSA]
I can access the files, but the URL changes (not what I want). I've tried a variety of permutations with and without slashes, RewriteBase, etc.
To be clear, I want project.dev/index.php and localhost/project/index.php to both be valid non-redirected references to /var/www/html/project/index.php. And I'd like to do this in a dynamic way, so I don't need to enter a new set of rules for every folder.
I'm not fixated on doing this with .htaccess - virtualhosts are ok too as long as they're dynamic and I can still access my sites using the localhost/ scheme and the other machines on the network can connect to the sample sites in the usual way (192.168.1.22/project/index.php).
Try this rule:
RewriteEngine on
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTP_HOST} ^(.+)\.dev$ [NC]
RewriteRule ^(.*)$ /%1/$1 [L]
I am very new to the idea of .htaccess and thought that it was what you used to do something like turn this:
http://www.domain.com/some/ugly/url/here.html
into this:
http://www.domain.com/niceurl
I was just told by my ISP that in order to get that to happen, no, it's done by putting the document into the web root folder. That .htaccess isn't used at all.
Does anyone know if this is true? I see a lot of examples about what .htaccess DOES but not so much about what it can't do. Somehow I thought this was all that was needed.
Lastly, if someone types in www.domain.com/niceurl what will happen? Don't I need to have that linked (if not by htaccess, how?!) to the location of the actual file?
Thank you for any and all help. I realize that .htaccess questions abound but they're hard to pick through for the layperson and I'm hoping to answer this specific question.
Here's what I believe should be an answer you want, put the block below to your .htaccess
Answer:
## Enabling Apache's Mod_rewrite module.
RewriteEngine On
# Following line is required if your webserver's URL is not directly related to physical file paths (just / for root, e.g. www.domain.com/)
RewriteBase /
# Restricts rewriting URLs only to paths that do not actually exists
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
# Redirect www.domain.com/bar to www.domain.com/foo
Redirect 301 /bar /foo
# Internally load the long URL without changing URL in address bar
RewriteRule ^foo/?$ http://www.domain.com/some/ugly/long/thing/here.html [L,NC]
As a result, www.domain.com/bar will be redirected to www.domain.com/foo and /foo will internally load http://www.domain.com/some/ugly/long/thing/here.html
FYI:
Your website's URL doesn't have to be directly related to physical file paths. Your URL's segment can be served as alias to your URL's parameters. for e.g,
http://www.domain.com/index.php?key1=value1&key2=value2
can be represented as
http://www.domain.com/value1/value2
Note: you need to implement a server side script to be served as a
router to manipulate the URL segments.
For more information about using .htaccess, check this out
Ref: http://htaccess-guide.com/
.htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.
Below is a few examples,
# Custom Error Pages for Better SEO,
# for e.g, to handle 404 file not found error
ErrorDocument 404 http://www.domain.com/404page.html
# Deny visitors by IP address
order allow,deny
deny from 122.248.102.86
deny from 188.40.112.210
allow from all
# Redirects
Redirect 302 /en/my-dir/my-page.html /en/my-path/example.html
# Disallow some silly bots from crawling your sites
RewriteCond %{HTTP_USER_AGENT} (?i)^.*(BlackWidow|Bot\\ mailto:craftbot#yahoo.com|ChinaClaw|Custo|DISCo|Download\\ Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|Express\\ WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet).*$
RewriteRule .* - [R=403,L]
# Setting server timezone
SetEnv TZ America/Los_Angeles
# trailing slash enforcement,
# e.g, http://www.domain.com/niceurl to http://www.domain.com/niceurl/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !#
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://www.domain.com/$1/ [L,R=301]
Enable mod_rewrite and .htaccess through httpd.conf (if not already enabled) and then You can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule ^niceurl/?$ some/ugly/url/here.html [L,NC]
This will allow you to use http://domain.com/niceurl in your browser and it will internally load http://domain.com/some/ugly/url/here.html without changing URL in browser.
If you also want to force redirection from ugly URL to pretty URL then add this redirect rule just below RewriteEngine On line:
RewriteCond %{THE_REQUEST} \s/+some/ugly/url/here\.html [NC]
RewriteRule ^ /niceurl [R=302,L,NE]
Basically I'm about to start work on a site and I'd like something that I can add into my .htaccess file (or elsewhere) that'll work like this pseudo code: (my ip will be in place of 127.0.0.1)
if (visitors_ip <> 127.0.0.1)
redirectmatch ^(.*)$ http://www.example.com/under-construction.html
Hopefully that makes sense...
That would be something like:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} !/mypage\.html$
RewriteRule .* http://www.anothersite.com/mypage.html [R=302,L]
As Andrew points out, the %{REQUEST_URI} condition avoids infinite loop if you redirect to the same domain.
As Xorax comments almost 9 years later:
You should not use REMOTE_HOST, it will fail in many case. You should use REMOTE_ADDR.
Cf "difference between REMOTE_HOST and REMOTE_ADDR"
Here's the solution I ended up using, note that it is similar to VonC's except that his caused an infinite loop if you chose to redirect to the same domain.
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1
RewriteCond %{REQUEST_URI} !/coming-soon\.html$
RewriteRule .* http://www.andrewgjohnson.com/coming-soon.html [R=302,L]
It should also be noted that 302 is a temporary move and should be used instead of nothing or 301.
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect all except allowed IP
ReWriteCond %{REMOTE_ADDR} !^000\.000\.000\.001$
RewriteCond %{REMOTE_ADDR} !000\.000\.000\.002$
ReWriteCond %{REMOTE_ADDR} !^000\.000\.000\.003$
RewriteRule (.*) http://YourOtherWebsite.com/$1 [R=301,L]
</IfModule>
before your wordpress ifmodule
this will redirect everyone except the 3 ip address in question.
You simply ftp to the site and edit the .htaccess file if your IP address changes.
Be careful with this approach.
I've gotten burned by taking the IP based approach to limiting access, and then losing the lease on my IP address.
Of course you can always ssh into the box in question and change the .htaccess file again, but the 5 minutes of panic while you try to figure out what just happened aren't exactly fun if you aren't expecting it to happen.
I recommend instead using the .htaccess (in conjunction with an htpasswd file) to request credentials for accessing your development site.
A good example of that is here: http://aplawrence.com/foo-web/htaccess-authentication.html