i have a some php files that i dont want someone to view on iframe and to access directly so i made a code that block other sites to view in iframe and just my site can iframe those php
RewriteEngine On
RewriteCond %{QUERY_STRING} !^id=[^&]+ [NC]
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !example\.com [NC]
RewriteRule .* index.html [L,QSA]
so here just example.com can view those php files on iframe (this works)
but How i can blocks users to view php files directly?
Related
I am attempting to migrate a portal (including login ability) over to a new website. The new site is designed in Wordpress and all of the expression engine files are tossed into a subdirectory outside of the wordpress install.
The entire old site (which was working and all built on Expression Engine) and copy it into the sub-directory (lets call it "old".
Then I went to the .htaccess file and
Updated /old/.htaccess with the following:
RewriteBase /old/
(it was originally RewriteBase / )
It shows that it goes to the directory but it shows my index wordpress page (that is index.php BUT it is just my home page of the wordpress install and not the log in page that I expect).
This is my .htaccess file code (inside of the "old" directory which is a subdirectory of the root directory:
RewriteEngine On
RewriteBase /assets/
# Removes index.php from ExpressionEngine URLs
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteCond %{REQUEST_URI} !/asysteme/.* [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
# Directs all EE web requests through the site index file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
BUt all it does is take the page to the index page of the root.
Check your WordPress .htaccess isn't taking control because it has to pass through that htaccess file before it gets to the subfolder htaccess file (EE). So ensure this line is in the WordPress htaccess:
RewriteCond %{REQUEST_FILENAME} !-d
Which excludes physical directories on the server from being rewritten and will let requests through to the EE folder and therefore the EE htaccess.
Your ExpressionEngine htaccess file has:
RewriteBase /assets/
Shouldn't this be:
RewriteBase /old/
Try the following:
RewriteEngine On
# Removes index.php from ExpressionEngine URLs
# RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
# RewriteCond %{REQUEST_URI} !/asysteme/.* [NC]
# RewriteRule (.*?)old/index\.php/*(.*) /$1$2 [R=301,NE,L]
# Directs all EE web requests through the site index file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /old/index.php/$1 [L]
To isolate the problem/solution, comment out the removal of the index.php from the URL (this is if someone has specifically entered index.php in the URL). Once the site is working, add this back in.
Remove the rewrite base to simplify things and add the sub-folder into the rewrite rule. This should then resolve the issue.
I am Hosting a domain on free hosting site 000webhost, I want to redirect all files or folder that doesn't exist to my homepage. The Code, I have used is:
RewriteEngine on
rewritecond %{http_host} ^domain\.com$ [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,l]
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ http://www.domain.com/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.html
It works, but the url doesn't change to homepage. Like if I am trying to open www.domain.com/blaa it redirects me to home page but the URL is still www.domain.com/blaa. I want it to be changed to www.domain.com.
If I am trying to open a valid directory, which exist in my root folder, it also redirects to homepage. Like if I am trying to open www.domain.com/folder, it should result in files and directories in that folder, instead of that it redirects me to homepage and web address is still same like www.domain.com/folder.
Also I want to keep using the above 2 rules to open website with WWW and index.html with www.domain.com
Please help me.
Thanks in advance.
As per your questions's title, to redirect to homepage if the request is not for a file or dir, you can use :
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ / [L]
You can also use ErrorDocument directive to rewrite non-existent requests to homepage
ErrorDocument 404 /
I'm having problems getting my website to index correctly by Google.
My folder structure looks like this:
root
- cms
- www
example.com points to the root where a .htaccess routes all requests to /www:
RewriteEngine on
RewriteRule ^(.*)$ /www/$1 [L]
Front end
The Angular front end inside /www gets data from /cms via REST api. So far so good.
What I want to achieve is that bots don't crawl inside my ajaxified /www page but instead inside /cms where I print out static contents corresponding to the URL structure in /www.
URL for static content:
/www/test1 -> Outputs nice content via REST
/cms/test1 -> Outputs text-only content for the crawler
Bot redirect
I'm redirecting the bots coming to example.com/www to /cms like this:
RewriteCond %{HTTP_USER_AGENT} (googlebot|yahoo|bingbot|baiduspider) [NC]
RewriteRule ^(.*)$ http://www.example.com/cms/$1 [R=301,L]
Site map
I also registered a sitemap with Google with the following contents:
http://www.example/test1
http://www.example/test2
and so on...
The problem
This all works fine BUT: Google is also crawling the static contents inside /cms without being redirected there by me. I only want this static subdomain to be fed through the redirect but not when Google's bot is searching for it itself. Kind of "disallowing" the bot to crawl here - but in the other hand I NEED it to crawl it. A catch 22 in my opinion.
Edit: complete .htaccess file
RewriteEngine On
# Sitemap
RewriteRule ^sitemap(-+([a-zA-Z0-9_-]+))?\.xml(\.gz)?$ /cms/sitemap$1.xml$2 [L]
RewriteRule ^sitemap(-+([a-zA-Z0-9_-]+))?\.html(\.gz)?$ /cms/sitemap$1.xml$2 [L]
# Redirect bots to static pages
RewriteCond %{HTTP_USER_AGENT} (googlebot|yahoo|bingbot|baiduspider) [NC]
RewriteRule ^(.*)$ http://www.example.com/cms/$1 [R=301,L]
# Angular HTML5 mode: Don't rewrite files or directories
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !index
# Angular HTML5 mode: Rewrite everything else to index.html to allow html5 state links
RewriteRule (.*) /www/index.html [L]
Edit 2
I have added this tag to the www page
<meta name="fragment" content="!">
to let the crawler know there's AJAX being used on the page. And I'm using the rewrite suggest by #Croises but in reaction to Google's _escaped_fragment_ re-request. Let's wait a few days...
RewriteCond %{HTTP_USER_AGENT} (googlebot|yahoo|bingbot|baiduspider) [NC]
RewriteCond %{QUERY_STRING} _escaped_fragment_
RewriteCond %{REQUEST_URI} !^/cms/
RewriteRule ^(.*)$ cms/$1 [L]
You can't redirect to static page, and ask them to index or reference the final page without crawling the "real" content.
You can rewrite your link:
# Rewrite bots to static pages
RewriteCond %{HTTP_USER_AGENT} (googlebot|yahoo|bingbot|baiduspider) [NC]
RewriteCond %{REQUEST_URI} !^/cms/
RewriteRule ^(.*)$ cms/$1 [L]
Just without R=301. Like that you show the page without redirection.
But beware of cloaking (Google and Cloaking).
I have 2 domains: main.com and addon.net
On my shared hosting account I create an addon-domain foraddon.net which automatically creates a folder in the main-domain's directory as well as a subdomain.
I want to change the accessability of the addon domain via the maindomain:
http://addon.main.com
http://main.com/addon.net/
Now both serve the index.html from addon.net
Both URLs should result in a "404 - not found" error.
What I have right now on main.com/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?main.com$ [NC]
RewriteCond %{REQUEST_URI} ^/addon.net/(.*)$
RewriteRule ^(.*)$ 404.html [L]
And in addon.net/.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(.*)\.main.com$ [OR]
RewriteRule ^(.*)$ http://www.main.com/ [R=301,L]
And now everything redirects to main.com:
http://main.com/addon.net/ redirects to http://www.main.com
http://addon.main.com redirects to http://www.main.com
http://addon.net redirects to http://www.main.com
My question: which rules should I add to which .htaccess-file in order to get the desired results:
addon.main.com redirecting to main.com/404.html
main.com/addon.net redirecting to main.com/404.html
addon.net serving addon.net/index.html
If you want to redirect access from anything except addon.net (and redirect the other requests to a 404 page), all you need to do is use these lines in the .htaccess file inside addon.net :
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(www\.)?addon\.net$ [NC]
RewriteRule - /404.html [L]
I use a .htaccess file to rewrite my urls to make them SEO friendly, this works fine.
This file is located in the root (public_html). A website runs there too.
Now I created a directory named 'templates' which is CHMOD to 777.
I want it to be protected so these files cannot be accessed from outside.
Through directadmin I protected that folder.
Now if I use my browser to surf on the website all the urls are still SEO friedly. However when I try to surf to that protected directory (templates) it shows a 404 page that I created but shows 401.shtml as title. If I look at the url it also shows 'domain.com/401.shtml/'.
It does not ask me for an username or password either.
Now if I delete or simply rename the htaccess file (to .htaccess2) which is located in public_html (the one that arranges all the SEO friendly urls) the pages on the website do not work (obviously) but now if I surf to that /templates directory, it does ask me for an username and password and I am able to login and access the files.
This is the htaccess file I use in the root:
RewriteEngine On
ErrorDocument 404 /home
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f [NC,OR]
RewriteCond %{REQUEST_FILENAME} -d [NC]
RewriteRule ^(.*?)$ $1 [L]
RewriteRule ^(nl|NL|fr|FR|en|EN)/start\.html$ /$1/ [R=301]
RewriteRule ^([^/]*)$ /$1/ [R=301]
RewriteRule ^([^/]*)/$ index.php?page=$1 [L]
RewriteRule ^([^/]*)/([^/]*)$ /$1/$2/ [R=301]
RewriteRule ^([^/]*)/([^/]*)/$ /index.php?page=$1&subpage=$2 [L]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)$ /$1/$2/$3/ [R=301]
RewriteRule ^([^/]*)/([^/]*)/([^/]*)/$ /index.php?page=$1&subpage=$2&subsubpage=$3 [L]
EDIT:
I've noticed that when I turn the RewriteEngine Off in the main htaccess file it does work too (except for the rewrite of course). Any idea's?
I found this on the web which seems to work!
The problem is that accessing protected content makes Apache send a 401 header.
I had to put the following in the .htaccess file which was located in the protected directory.
ErrorDocument 401 "Unauthorized Access"
RewriteEngine off