I have an "upload" directory where users can upload confidential files (jpg, png, pdf). Each user gets assigned a folder inside upload, ex: /001/, /002/, ..., /999/, etc.
I want these files to be accessible only through SFTP, so the url http://example.com/upload/259/image.jpg should return a 403 error message.
I tried many variations, but still the files can be accessed through the url.
location ~ /upload/\.(jpe?g|png|gif|ico)$ {
deny all;
return 403;
}
Any thoughts?
You still need to match that part: '/259/image'
This should work:
location ~ /upload/.*\.(jpe?g|png|gif|ico)$ {
deny all;
return 403;
}
If access to /upload is only via sftp, then this is all you should need:
location ^~ /download/ {return 403;}
By skipping the regex cycle with ^~ you'll improve performance. Also your configuration will scale with fewer problems by not using a regex location. A prefix location can go anywhere, but not a regex location. The first regex match will be used which can lead to confusion down the road.
Related
I'm using this code inside server block to force download mp3 files
location ~ /mp3folder/.+\.mp3$ {
types {
application/octet-stream;
}
}
I want to specify multiple extensions like mp4, wmv, flv ... what changes should make for this?
You can use
/mp3folder/.+\.(mp3|mp4|wmv|flv)$
I'm using nanoc to build a static website which has a PHP script for sending mails. Simplified structure:
/content/index.html
/content/contact.html
/content/mail.php
However, when I do a nanoc compile everything is fine in my output folder:
index.html
contact/index.html
mail/index.php
But I can't call the PHP script when doing a nanoc autocompile. /contact/ works, but /mail/ does not.
This is a part of my Rules-file:
route '*' do
if item.binary?
# Write item with identifier /foo/ to /foo.ext
original_filename(item)
else
# Write item with identifier /foo/ to /foo/index.extension
item.identifier + "index.#{item[:extension]}"
end
end
PHP is treated as non-binary. Does anyone know how I can get this to work with autocompile?
If anybody is having similar problems: I found the answer:
The autocompiler does not have support for PHP files. If a directory
is requested, the autocompiler looks for an index.html file in it, but
it will ignore an index.php file. The autocompiler can’t find a MIME
type for it, so it sends the file as application/octet-stream back to
the browser.
It's pretty obvious, but I did not have in mind that autocompile runs a light-weight server with no PHP support (of course).
I need add a rewrite rule in my plugin, and distribute it with my code. All works fine if I put the rule in the .htaccess in the WordPress root folder, but I need distribute the plugin with my rule.
I try to put a .htaccess inside the plugin folder and try to use the add_rewrite_rule function but doesn't works either.
Here the .htaccess code that works correctly in WordPress root folder but doesn't works in my plugin folder:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule my-plugin/pages/tp(.*)\.php$ wp-content/plugins/my-plugin/pages/request.php?pid=$1
</IfModule>
I try the follow code in my plugin but doesn't works either:
add_filter( 'query_vars', 'add_query_vars' );
function add_query_vars( $query_vars )
{
$query_vars[] = 'pid';
return $query_vars;
}
add_action( 'init', 'add_init' );
function add_init()
{
$plugin_url = 'the-path-to-my-plugin-folder';
add_rewrite_rule('my-plugin/pages/tp(.*)\.php'
, $plugin_url . 'pages/request.php?pid=$matches[1]','top');
global $wp_rewrite;
$wp_rewrite->flush_rewrite_rules(); // I know this should be called only one time, but I put it here just to keep simple the sample code
}
But I always get the error that the URL wasn't found.
What I'm doing wrong? How can I do what I need? I searched for similar questions but none solve my problem.
My plugin folder structure is:
Main folder: /wp-content/plugins/my-plugin
------ /pages (sub folder)
-------------/request.php (script that should receive the request)
NOTE: WordPress Rewrite API is not the same as Apache Rewrite module.
WP Rewrite API doesn't redirect a request to another URL, it used to
parse current URL and fill query_vars array.
The issue is in the second parameter of you add_rewrite_rule function call. It has to start from index.php? and then there should be your arguments, like pid, for example:
"index.php?pid=$matches[1]...."
So your add_init function should be like this:
add_action( 'init', 'wpse8170_add_init' );
function wpse8170_add_init()
{
add_rewrite_rule('my-plugin/pages/tp(.*)\.php', 'index.php?pid=$matches[1]', 'top');
}
Don't forget to flush rewrite rules by visiting Settings » Permalinks page.
Further reading:
The Rewrite API: The Basics
The Rewrite API: Post Types & Taxonomies
WP handles the plugins from the /wp-admin directory with a PHP script (admin.php), like this:
http://MyWP.com/wp-admin/admin.php?page=MyPlugin/module.php
Therefore, .htaccess files in the plugin directory are not parsed when the plugin is called. They have to be placed in the wp-admin directory or in the root directory, as you already found out.
Although copying the .htacces file to the root directory when the plugin is installed -and deleting it when it is removed- is possible, I don't think it is the best option. Having .htaccess files in the WP space doesn't seem like a good idea.
Your second approach looks much better: Creating rewrite rules in the main script.
Looking at your code, I think the problem are the pattern (Incoming URL string to match) and possibly the substitution URL path ($plugin_url in your question).
The $rule parameter in the add_rewrite_rule() function should capture a segment of the URL (Above) used to call the plugin's modules.
I can't suggest anything else because you don't supply enough information about the plugin and it's directory tree, except what can be guessed from the regex in the rewrite rule. But, this is a general idea of a way to achieve what you need.
PHP 5.2.17
joomla 1.6.4
1and1 Linux shared server
php is running as cgi
Hi, I am trying to use a custom php.ini throughout my website. I know I can put a php.ini file in each folder, but that would not be feasible.
I searched online and found the following method:
1 - create your custom php.ini file and put it inside path/to/your/website/cgi-bin folder
2 - create the following php.cgi file
#!/bin/sh
exec /usr/local/bin/php5 -c path/to/your/website/cgi-bin
3 - upload php.cgi to /path/to/your/website/cgi-bin
4 - chmod +x php.cgi to make it executable
5 - include the following line inside .htaccess in my website root
Action application/x-httpd-php5 /path/to/your/website/cgi-bin/php.cgi
According to my understanding, after doing the above, php scripts on my website would start using my custom php.ini file instead of the default one.
Anyone can help? I spent a better part of the day trying to resolve this issue without success.
By the way, my account root (one level above my website root) has a .htaccess file with the following lines:
AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php
Thank you.
UPDATE 9/2/2011 - 19:37
tried including the following statement in .htaccess
SetEnv PHPRC /path/to/my/website/cgi-bin <- where my custom php.ini file is located.
According to this website it should have worked -> http://support.premiumreseller.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=85
But still nothing.
I will keep trying.
Any help appreciated!!!
UPDATE 2 - 9/3/2011 - 0:03 (WORKAROUND)
So, I couldn't find a solution for my problem. I decided to create a small php script to create hard links to php.ini in each directory that has a php script.
See below the code in case you are curious:
<?php
define('ROOT_DIR', $_SERVER['DOCUMENT_ROOT']);
define('FILE_PHPINI', ROOT_DIR . "/cgi-bin/php.ini");
processdir(ROOT_DIR);
function processdir($path)
{
$FlagNoPHP = true;
$localPHPINI = $path . "/php.ini";
foreach ( new DirectoryIterator($path) as $file)
{
if (!($file->isDot()))
{
if ($file->isDir())
{
processdir($path . "/" . $file);
}
else if ($FlagNoPHP && fnmatch("*.php*", $file))
{
$FlagNoPHP = false;
if (!file_exists($localPHPINI))
{
link(FILE_PHPINI, $localPHPINI);
}
}
}
}
if ($FlagNoPHP)
{
if (file_exists($localPHPINI))
{
unlink($localPHPINI);
}
}
}
?>
The above code looks inside each directory in my website and:
1 - if there is a php script and NO php.ini, creates a hard link to php.ini
2 - if there is NO php script and there is a php.ini, deletes the hard link (done in the last if of the function). I included this in order to clean up the filesystem of old php.ini files.
This worked for me.
I am still curious about an answer to my original problem.
I hope this helps someone!
Seems like you're taking the long way. Just modify .bashrc:
export PHPRC="/Volumes/Mac_Daddy/web_curr/public_html/php_osx.ini"
Result:
Configuration File (php.ini) Path: /usr/local/php5/lib
Loaded Configuration File: /Volumes/Mac_Daddy/web_curr/public_html/php_osx.ini
Scan for additional .ini files in: /usr/local/php5/php.d
Additional .ini files parsed: /usr/local/php5/php.d/10-extension_dir.ini
Or create an alias:
alias myphp="/usr/local/php5/bin/php -c /somewhere/someplace/php.ini"
or better yet man php.
I have a lighttpd server with website placed in /home/httpd/example.com/httpdocs and there I have a file called file.php. When I type http://en.example.com/file.php I would like to display file.php that is in default website directory (mentioned above).
So I used document-root described here:
http://redmine.lighttpd.net/wiki/1/Server.document-rootDetails
in this manner:
$HTTP["host"] =~ "en.example.com/file.php" {
server.document-root = "/home/httpd/example.com/httpdocs/"
}
But unfortunately when I type http://en.example.com/file.php into browser I get error 404. What I do wrong and how can I fix it to work?
In the case of the example URL http://en.example.com/file.php, the host is just en.example.com and not en.example.com/file.php (/file.php is the URL path). So try this:
$HTTP["host"] =~ "en.example.com" {
server.document-root = "/home/httpd/example.com/httpdocs/"
}