I have password protected a directory called 'admin' using the usual .htaccess method:
AuthType Basic
AuthName "restricted area"
AuthUserFile xx.xxx.xxx.xx/public_html/admin/.htpasswd
require valid-user
When I load the home page of the site which is password protected, I log in and home page loads fine, but then when I click a link to load a sub-page, the home page just reloads. There are links which open pop-ups and these pop-ups are also containing the home page when they should be loading forms etc..
Is there something missing in my .htaccess file?
I have a Wordpress install in the root with its usual htaccess but this admin directory is created from a subdomain so is (or should not be) affected by the Wordpress htaccess.
If this subdomain is pointing to a subdirectory off the main domain's document root (which is what it looks like) then the parent directory's "WordPress" .htaccess will affect this. .htaccess files are inherited along the filesystem path.
Since WordPress uses mod_rewrite you can prevent mod_rewrite from being inherited by simply enabling the rewrite engine in the subdomains .htaccess file:
RewriteEngine On
AuthType Basic
# etc...
Other modules will still be inherited, although the default WordPress install does not use any other modules.
Alternatively you can try adding an exception to the parent directory's .htaccess file, in order to exclude it being processed when accessing the subdomain (or rather only process it when accessing via the main-domain). Add the following to the top of the WordPress .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=example.com
RewriteRule ^ - [L]
Where example.com is your main-domain. Which basically says if the host is not the main-domain then abort.
Related
I have a website running on a server. It's just an index.html with a hello world text. Also, I have a folder named /vpn which contains various txt files and an index.html file.
If I try to access the URL domain/vpn, it shows me the content of index.html.
I just need to show the files inside the folder vpn when the user tries to access domain/vpn.
I created an .htaccess file with the next content in the root:
RewriteEngine on
<If "%{REQUEST_URI} == '/vpn/'">
DirectoryIndex disabled
Options +Indexes
</If>
When I try to access to vpn, it shows me a 404 error, the requested URL was not found on this server.
.htaccess is applying the DirectoryIndex rule (If a delete it, it shows me index.html content again), but not the Options +Indexes one.
I tried the same example in localhost (with XAMPP) and it's working fine.
What can be the problem?
PD: This is the content of apache2.conf file:
When I try to acces to vpn, it shows me a 404 error, the requested URL was not found on this server.
If you are getting a "404 Not Found" then it would imply that mod_autoindex is not actually installed on your server (consequently Options +Indexes has no effect - although it would seem from your server config that Indexes is perhaps already enabled).
mod_autoindex is the module responsible for generating the directory listings.
I created an .htaccess file with the next content in the root:
Personally, I would create an additional .htaccess file in the /vpn directory instead:
DirectoryIndex disabled
Options +Indexes
And disable Indexes (and set DirectoryIndex) in the root .htaccess file.
NB: RewriteEngine has no place here, unless you are overriding a parent config.
If I try to access the url "domain/vpn"
Note that you should be requesting domain/vpn/ (with a trailing slash). If you omit the trailing slash then mod_dir issues a 301 redirect to append it.
I have my website inside the following path on my remote web hosting server:
~/public_html/website/app
and need to find a way to show it when typing:
mydomain.com
so without the need of typing the full path:
mydomain.com/website/app/
One solution that came to my mind was to create a index.php file inside my root folder to automatically redirect to ./website/app/:
<?php
header('Location: ./website/app/');
exit;
but then I need to rewrite the URL in order to go from:
mydomain.com/website/app/
to:
mydomain.com
and I did not find a way to do that!
So, what do you think I should do to obtain that result and show my website under /website/app/ when accessing:
mydomain.com
and do not show the /website/app/ folder names?
Thanks a lot!
edit:
I was forgetting that I also have the website/server path so I need a rule that keeps valid the requests containing mydomain.com/website/server/.
Plus, I cannot use:
Options +FollowSymLinks
on my hosting (for security reasons), it's overridden by:
Options +SymLinksIfOwnerMatch
You have two options to do that.
If you just want to show the /website/app directory for your root url / then you can use DirectoryIndex directive .
DirectoryIndex website/app
This will show you the index file from /website/app folder if you visit the your root URI ie : example.com/ .
If you want to server files and directories from the /website/app instead of the / folder then you can use a RewriteRule that rewrites your root level requests to the subfolders .
RewriteEngine on
RewriteRule !website/app /website/appâ„…{REQUEST_URI} [L]
I am trying to host a website that is setup with links in the format /css/file.css and /js/file.js and I'd like to set it up in a sub-directory on an existing domain for demo purposes.
So
/demo/css/file.css is the true path
But the demo/index.php references
/css/file.css
I can have a custom .htaccess file within the sub-directory.
Is this possible without touching the main site on my domain?
If the request is for /css/file.css then rules have to be placed in root .htaccess not in /demo/ directory.
You can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule ^((?:css|js)/.+)$ /demo/$1 [L,NC,R=302]
I would use the hosting for live testing, but I want to protect access and prevent search engine indexing.
For example (server directory structure) within public_html:
_private
_bin
_cnf
_log
_ ... (more default directories hosting)
testpublic
css
images
index.html
I want index.html is visibile to everyone and all other directories (except "testpublic") are hidden, protected access and search engines not to index.
The directory "testpublic" I wish it was public but may not be indexed in search engines, not sure if this is possible.
To do understand that I need 2 files .htaccess.
One general in "public_html" and other specific for "testpublic".
The .htaccess general (public_html) I think it should be something like:
AuthUserFile /home/folder../.htpasswd
AuthName "test!"
AuthType Basic
require user admin123
< FilesMatch "index.html">
Satisfy Any
< / FilesMatch>
Can anyone help me create the files with the appropriate properties? Thank you!
You can use a robots.txt file in your root folder. All standards-abiding robots will obey this file and not index your files and folders.
Example Robots.txt that tells all (*) crawlers to move on and index nothing.
User-agent: *
Disallow: /
You could use .htaccess files to fine tune what your server (assuming Apache) serves out and what directory indexes are visible. In which case you would add
IndexIgnore *
To your .htaccess file to disallow indexes.
Updated (Credit to https://stackoverflow.com/users/1714715/samuel-cook):
If you want to specifically stop a bot/crawler and know its USER AGENT string you can do so in your .htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} Googlebot
RewriteRule ^.* - [F,L]
</IfModule>
Hope this helps.
I have a domain, mattpotts.com and have set up a sub-domain dev.mattpotts.com for me to develop on and will then copy the files to the normal domain when they're ready to go.
My directory structure is as follows and dev.mattpotts.com points to dev/
+-public_html/
+-project1/
+-project2/
+-project3/
+-dev/
+-project1
+-project2
+-project3
I basically want to be able to go from http://mattpotts.com/project1 to https://dev.mattpotts.com/project1 by adding dev..
I have the following .htaccess in dev/ and it works, all this needs to do is force https.
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} dev
RewriteRule ^(.*)$ https://dev.mattpotts.com$1 [R,L]
I want to force https so that I can securely use http auth on the directory. However, when I combine it with the following rules, it doesn't work. I have my .htpasswd set up but I've not even had the login form show up yet.
AuthType Basic
AuthName "Dev Protected Area"
AuthUserFile .htpasswd
Require valid-user
How can I successfully combine the to set of .htaccess rules?
Edit, very strange things are happening!
https://dev.mattpotts.com/project1/ displays 'hello!' from non dev version of site (note https)
http://dev.mattpotts.com/project1/ displays 'hello dev!' (as desired) from dev version. What's going on here?!
You've told us where your .htaccess file is, but you haven't told us where your .htpasswd file is. According to the Apache documentation on AuthUserFile:
Syntax: AuthUserFile file-path
File-path is the path to the user
file. If it is not absolute (i.e., if
it doesn't begin with a slash), it is
treated as relative to the ServerRoot.
So in other words, it is looking for the .htpasswd in somewhere like /etc/apache2/.htpasswd. So either move your .htpasswd file there, or make your directive contain an absolute path to the file, e.g.:
AuthType Basic
AuthName "Dev Protected Area"
AuthUserFile /home/mattpots.com/public_html/dev/.htpasswd
Require valid-user
However, for security reasons, I highly recommend keeping your .htpasswd file outside of your document root.
These issues should be independent of each other: do I understand correctly that the "force HTTPS" part works?
That said, AuthUserFile .htpasswd may be looking for .htpasswd in the wrong place. The easiest fix is to put the full path and name there, e.g. AuthUserFile /home/matt/www/public_html/dev/.htpasswd (or wherever you have the dev directory).