I have adapted the .htaccess on my WordPress site and made additions such as the activation of GZIP.
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Then I put a rule in the subfolder that should prohibit access to certain pages.
<FilesMatch "connection\.php|data\.php|protection\.php">
order allow,deny
deny from all
</FilesMatch>
Of course, I wanted the rules created in the root folder to also apply to the additional rules in the subfolders (of course only in the respective folders). Today I read a article that made me suspicious in which I read that a .htaccess file in a subfolder completely overwrites a .htaccess file from a parent folder and not adds the new specific points and only when a new point is added to a point from the higher-level folders which is suppose it gets overwritten. So I tried it out and in my opinion it is not true because, according to GZIP Tester, the files are also got zipped in the folder where I don't add this
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Here is a diagram from the page where I found this article.
It's German, but I think you will understand that. (Verzeichnis = Root folder, Unterverzeichnis = subfolder)
The question is what's right, did I make a mistake and have to re-list the rules every time I want to extend the root folder in each .htaccess file (in sub-folders) or was the text on the website just wrong?
From the official Apache docs (https://httpd.apache.org/docs/current/howto/htaccess.html#how):
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. However, it is important to also remember that there may have been .htaccess files in directories higher up. Directives are applied in the order that they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files found higher up in the directory tree. And those, in turn, may have overridden directives found yet higher up, or in the main server configuration file itself.
i m using XAMPP but i m not able to use .htaccess file at local host. i m trying so many times.. Online working good. but local host showing [The requested URL was not found on this server]
My root folder is real
localhost/acre/real/property_available.php
localhost/acre/real/properties
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /acre/real/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^properties$ /property_available.php/$1 [NC,QSA]
</IfModule>
Please
Just had a similar issue
Resolved it by checking in httpd.conf
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All <--- make sure this is not set to "None"
It is worth bearing in mind I tried (from Mark's answer) the "put garbage in the .htaccess" which did give a server error - but even though it was being read, it wasn't being acted on due to no overrides allowed.
In conf/extra/httpd-vhosts.conf, add the line AllowOverride All for all the websites that you are having problem with
<VirtualHost example.site:80>
# rest of the stuff
<Directory "c:\Projects\example.site">
Require all granted
AllowOverride All <-----This line is required
</Directory>
</VirtualHost>
Try
<IfModule mod_rewrite.so>
...
...
...
</IfModule>
instead of <IfModule mod_rewrite.c>
Without seeing your system it's hard to tell what's wrong but try the following (comment answer if these didn't work WITH log error messages)
[STOP your Apache server instance. Ensure it's not running!]
1) move apache server/install to a folder that has no long file names and spaces
2) check httpd.conf in install\conf folder and look for AccessFileName. If it's .htaccess change it to a file name windows accepts (e.g. conf.htaccess)
3) double-check that your htaccess file gets read: add some uninterpretable garbage to it and start server: you should get an Error 500. If you don't, file is not getting read, re-visit httpd.conf file (if that looks OK, check if this is the only file which defines htaccess and it's location and it does at one place -within the file- only; also check if both httpd.conf and htaccess files are accessible: not encrypted, file access rights are not limited, drive/path available -and no long folder path and file names-)STOP Apache again, then go on:
4) If you have IIS too on your system, stop it (uninstall it too if you can) from services.msc
5) Add the following to the top of your valid htaccess file:
RewriteEngine On
RewriteLog "/path/logs/rewrite.log" #make sure path is there!
RewriteLogLevel 9
6) Empty your [apache]\logs folder (if you use another folder, then that one :)
7) Check the following entries are set and correct:
Action application/x-httpd-php "c:/your-php5-path/php-cgi.exe"
LoadModule php5_module "c:/your-php5-path/php5apache2.dll"
LoadModule rewrite_module modules/mod_rewrite.so
Avoid long path names and spaces in folder names for phpX install too!
8) START apache server
You can do all the steps above or go one-by-one, your call. But at the end of the day make sure you tried everything above!
If system still blows up and you can't fix it, copy&paste error message(s) from log folder for further assistance
I had a similar problem. But the problem was in the file name '.htaccess', because the Windows doesn't let the file's name begin with a ".", the solution was rename the file with a CMD command. "rename c:\xampp\htdocs\htaccess.txt .htaccess"
for xampp vm on MacOS capitan, high sierra, MacOS Mojave (10.12+), you can follow these
1. mount /opt/lampp
2. explore the folder
3. open terminal from the folder
4. cd to `htdocs`>yourapp (ex: techaz.co)
5. vim .htaccess
6. paste your .htaccess content (that is suggested on options-permalink.php)
For windows user, make sure to closely look at this section.
RewriteRule ^properties$ /property_available.php/$1 [NC,QSA]
As said in Apache documentation :
The mod_rewrite module uses a rule-based rewriting engine, based on a
PCRE regular-expression parser, to rewrite requested URLs on the fly.
So ^properties$ means Apache will only look for URL that has exact match with properties.
You might want to try this code.
RewriteRule properties /property_available.php/$1 [NC,QSA]
So Apache will see the URL that has properties and rewrite it to /property_available.php/
I've setup xampp for my localhost as well, I've not done anything with the files created by xampp during or after setup.
But in the '.htaccess' file, make sure you've set it to something like this. Works for me, and this should not make any difference for you.
RewriteEngine On
RewriteRule ^filename/?$ filename.html
Change .html to whatever format you're using.
Make sure your install is clean, and just make the .htaccess file.
Also remember to put one .htaccess file for each directory (don't really know if you can use ONE file for all folders, but to be safe, just do this and it will always work.
Edit the .htaccess file, so the first line reads 'Test.':
Test.
Set the default handler
DirectoryIndex index.php index.html index.htm
...
I want to have two index files. one - index.php and one - index.html.
But I want also to make the default file on the server - index.php
(I have two file just on local environment).
I've already tried to add in the .htaccess the row : DirectoryIndex index.php
but the index.html still loaded first.
Is there any solution without deleting one of the files.
You can specify multiple values:
DirectoryIndex index.php index.html
In order for this to work you need to allow overrides for indexes in the apache config
AllowOverride indexes
http://httpd.apache.org/docs/2.2/mod/mod_dir.html
A common error is that your .htaccess file isn't being read at all. A good way to make sure your .htaccess is being read is to put a typo in it and make sure you get an error.
I have a files directory for my image storage in my web root folder, i want to know how to secure that folder. i prevent people from uploading scripts to that folder, i check file extensions, if it is not an image then it will not save to that folder.
but faking extensions are done easily, what happens if someone manage to upload a script to my files directory and access that from the browser
so i need a way to prevent scripts from running inside that folder and only allow images to run.
i know htaccess can do that but i dont know how to set it up. my .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
but it is not working, i saved a php file in that folder then tried to accessed it from the browser and i can still access it. do you know how to make this work? or if you have more secure approach to this, please tell me.
thank you
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
RemoveType application/x-httpd-php php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you dont want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</Files>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.
I have a wordpress site running, and currently anyone can view the uploads directory by visiting
http://site.com/wp-content/uploads
I want to stop this directory from being viewed in a browser but I want a subfolder to be viewable (eg. http://site.com/wp-content/uploads/PublicUploads). I have tried setting
IndexIgnore *
in the uploads folder, but I cannot work out how to set the sub folder back to visible.
Any help would be appreciated
Most people use
Options -indexes
To make a subdirectory visible again, you'll need to put a .htaccess file inside that subdir, with Options +indexes inside it.
Using mod_rewrite you can block direct access to wp-content/uploads directory like this:
RewriteRule ^wp-content/uploads/?$ - [F,NC]
Keep in mind that this will only block browsing of /wp-content/uploads contents but will allow /wp-content/uploads/PublicUploads or any /wp-content/uploads/foo.