Develop Reference

.htaccess redirect not working on Magento site

I'm trying to redirect all domains that contain "getswordgrip" to .com/sandbox. This is on a Magento website. The following code seems to do the trick when I test it on https://htaccess.madewithlove.be/, but nothing happens when I activate the code on-site.
Here's the rule:
# RewriteEngine On
RewriteRule (.*)getswordgrip(.*) https://scripturememory.com/sandbox [R=301, L, R, NC, P]
And here's the entire file:
############################################
## uncomment these lines for CGI mode
## make sure to specify the correct cgi php binary file name
## it might be /cgi-bin/php-cgi
# Action php5-cgi /cgi-bin/php5-cgi
# AddHandler php5-cgi .php
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php5.ini
############################################
## this line is specific for 1and1 hosting
#AddType x-mapp-php5 .php
#AddHandler x-mapp-php5 .php
############################################
## default index file
DirectoryIndex index.php
Deny from All
############################################
## adjust memory limit
# php_value memory_limit 64M
php_value memory_limit 256M
php_value max_execution_time 18000
############################################
## disable magic quotes for php request vars
php_flag magic_quotes_gpc off
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
#php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
###########################################
# turn off compatibility with PHP4 when dealing with objects
php_flag zend.ze1_compatibility_mode Off
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
###SetOutputFilter DEFLATE
# Insert filter on selected content types only
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems...
#BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
# RewriteEngine On
RewriteRule (.*)getswordgrip(.*) https://scripturememory.com/sandbox [R=301, L, R, NC, P]
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresDefault "access plus 1 year"
############################################
## By default allow all access
Order allow,deny
Allow from all
###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version
order allow,deny
deny from all
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
###########################################
## Deny access to cron.php
############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.
#AuthName "Cron auth"
#AuthUserFile ../.htpasswd
#AuthType basic
#Require valid-user
############################################
Order allow,deny
Deny from all

I figured out another way to resolve this:
I added a rule to Magento's config.xml file to rewrite URL's meeting the necessary criteria. The following code goes inside the first <global> tag.
<rewrite>
<designer_url>
<from><![CDATA[/(.*)getswordgrip(.*)/]]></from>
<to><![CDATA[/swordgrip/]]></to>
<complete>1</complete>
</designer_url>
</rewrite>
Then, I went to app/code/core/Mage/Catalog/Model/Url.php and edited the function refreshProductRewrites. Specifically, I added a condition to exclude the store item in question from Magento's automatic URL rewrites. This was necessary, as Magento was generating it's own rewrite rules that were prioritized above my rule in the config.xml file.
$prod = Mage::getModel('catalog/product') -> load($product -> getId());
$productType = $prod -> getId();
$productVisibility = $prod -> getAttributeSetName();
if($productType === "295")
{
continue;
}
else
[more code]

robots.txt returns 404, Magento ver. 1.9.0.1 site hosted on webfusion.co.uk

I have a hosting account with webfusion.co.uk where I host a few websites. I have uploaded a robots.txt file and a sitemap.xml file. when I try visiting them: www.ledflexi.co.uk/robots.txt or www.ledflexi.co.uk/sitemap.xml. The site returns a 404 error.
I have uploaded both files to the root folder of each site (public_html/led-flex.co.uk)
Could the following lines of the .htaccess file be related to this problem?
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresDefault "access plus 1 year"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
########################Redirection############################

please check the file name, in linux servers if the name is not in the exact case that you have typed. it will return 404. make sure the filename is 'robots.txt' (all small case)

Thanks to vilsad for replying to the question.
I found the problem, and though I'm a bit ebarrassed by it here it is: I was Uploading to the wrong accound : "led-flex.co.uk" instead of "ledflexi.co.uk".
What a Klutz!

Envoyer.io, Laravel - Attempting to access contents of directory under /public

UPDATE
It seems like any PHP files placed under /storage/app/thirdpartydirectory are not being executed, instead the Laravel NotFoundHttpException is thrown. Simple text files, images, etc are accessible via http://example.com/thirdpartydirectory.
Original question
I am building a Laravel 5 site using Envoyer.io for code deployments. The way Envoyer works, new code is pushed to the site and placed under a /releases directory, then symlinked to /current from the top level (so /current always points to the latest /releases subdirectory).
The problem is that anything I put in my site's /public directory is included in the Envoyer deployments, thus replicated every single time I push new code. I am trying to use a third party app that must have its index.php and other files/directories directly exposed to the outside world. When the app is first loaded, an installation process begins and it installs additional config files into its various folders. When I deploy my next batch of code, /public is pushed again WITHOUT the installation and cache files generated by the third party app - thus causing a loop of having to run the installation process over and over again.
I reached out to Taylor Otwell regarding this and his suggestion was to place the app in /storage/app/thirdpartyapp and then make a symlink from each release's public directory before activating each new deployment -
cd {{release}}
ln -s /home/eyf/storage/app/thirdpartyapp public/thirdpartyapp
This creates a symlink without any issues but when I try to access the app (http://example.com/thirdpartyapp), I get stuck on the Laravel NotFoundHttpException page. The app has an index.php, if I go to http://example.com/thirdpartyapp/index.php, the Laravel site's index page is loaded instead - almost as if it's totally ignoring the symlink and /thirdpartyapp in the URL.
The app does ship with the following .htaccess, not sure if it makes any difference in all of this:
<IfModule mod_alias.c>
# by default disallow access to the base git folder
RedirectMatch /\.git(/|$) /404
</IfModule>
# cache images for a while
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
</IfModule>
# compress output if we can
<IfModule mod_deflate.c>
# Set output filter for zipping content
SetOutputFilter DEFLATE
# Netscape 4.x and 4.06-4.08 have issues
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE can be an issue, for now catch all MSIE
BrowserMatch \bMSIE[56] !no-gzip !gzip-only-text/html
# Exclude file types from compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|zip|tar|rar|gz|dmg|mp3|mp4|m4a|m4p|mov|mpe?g|qt|swf)$ no-gzip dont-vary
# Make sure proxy servers deliver what they're given
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine ON
# Set this if you have your installation in a subdirectory
# RewriteBase /openvbx
# By default always use SSL
#RewriteCond %{HTTPS} !=on
#RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php?vbxsite=$1 [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L,QSA]
#RewriteRule ^(.*) index.php/$1 [L,QSA]
ErrorDocument 404 /fallback/rewrite.php
</IfModule>

Apparently PHP code placed under /storage in a Laravel app isn't executed. I moved the third party app's directory to the parent folder and symlinked to that, now everything works.

403 Forbidden error when accessing site from home network (Joomla)

When accessing my site from my home network, it returns a 403 Forbidden error. I've tried Chrome, Firefox & IE, reset all settings, cleared cache & cookies etc.
However, if I tether to my phone, I can access the site no problem.
My .htaccess looks OK:
##
# #package Joomla
# #copyright Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# #license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
# RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
AddType video/ogg .ogv
AddType video/mp4 .mp4
AddType video/webm .webm
AddType image/svg+xml svg
Any thoughts on why this is happening?

We had the same issue with one of our clients. It turned out that his IP was blocked by ModSecurity. What happened is that he tried, unsuccessfully, to FTP to the website multiple times.
This can also happen if you're trying to add content that contains blacklisted words by ModSecurity (if you try it several times, then ModSecurity will just block your IP).
The solution to this problem is either restarting your DSL router, or calling your host to unblock your IP.

How to allow subdomain access but not folder access in Apache, htaccess?

I am using a standard web hosting service with for my own projects.
It used the main domain wwwand several subdomains. I didn't need to use any Apache ReWrite rules in my .htaccess files, and the only thing I had to do was make sure that I had my CNAME records updated. All worked fine, I just used permissions to limit access to files and folders..
I recently installed Elgg at the main wwwlevel and now all my subdomains, which remain unchanged, give a 403error. The message points to my htaccess file being the culprit.
I would like to know how I can configure the htaccess file to allow subdomains like gadgets.mydomain.com to work again but not allow access to other folders under the same domain? None of the permissions were changed they remain as 755.
This is the standard Elgg htaccess file. How would I edit it?
# Elgg htaccess directives
<Files "htaccess_dist">
order allow,deny
deny from all
</Files>
# Don't allow listing directories
Options -Indexes
# Follow symbolic links
Options +FollowSymLinks
# Default handler
DirectoryIndex index.php
############################
# BROWSER CACHING
# The expires module controls the Expires and Cache-Control headers. Elgg sets
# these for dynamically generated files so this is just for static files.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
# Conditional requests are controlled through Last-Modified and ETag headers.
# Elgg sets these on dynamically generated cacheable files so this is just for
# static files. Note: Apache sends Last-Modified by default on static files so
# I don't think we need to be sending ETag for these files.
<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
FileETag MTime Size
</FilesMatch>
############################
# PHP SETTINGS
<IfModule mod_php5.c>
# limit the maximum memory consumed by the php script to 64 MB
php_value memory_limit 64M
# register_globals is deprecated as of PHP 5.3.0 - disable it for security reasons.
php_value register_globals 0
# post_max_size is the maximum size of ALL the data that is POST'ed to php at a time (8 MB)
php_value post_max_size 8388608
# upload_max_filesize is the maximum size of a single uploaded file (5 MB)
php_value upload_max_filesize 5242880
# on development servers, set to 1 to display errors. Set to 0 on production servers.
php_value display_errors 0
</IfModule>
############################
# COMPRESSION
# Turn on mod_gzip if available
<IfModule mod_gzip.c>
mod_gzip_on yes
mod_gzip_dechunk yes
mod_gzip_keep_workfiles No
mod_gzip_minimum_file_size 1000
mod_gzip_maximum_file_size 1000000
mod_gzip_maximum_inmem_size 1000000
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/javascript$
mod_gzip_item_include mime ^application/x-javascript$
# Exclude old browsers and images since IE has trouble with this
mod_gzip_item_exclude reqheader "User-Agent: .*Mozilla/4\..*\["
mod_gzip_item_exclude mime ^image/.*
</IfModule>
## Apache2 deflate support if available
##
## Important note: mod_headers is required for correct functioning across proxies.
##
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.[0678] no-gzip
BrowserMatch \bMSIE !no-gzip
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
# The following is to disable compression for actions. The reason being is that these
# may offer direct downloads which (since the initial request comes in as text/html and headers
# get changed in the script) get double compressed and become unusable when downloaded by IE.
SetEnvIfNoCase Request_URI action\/* no-gzip dont-vary
SetEnvIfNoCase Request_URI actions\/* no-gzip dont-vary
</IfModule>
############################
# REWRITE RULES
<IfModule mod_rewrite.c>
RewriteEngine on
# If Elgg is in a subdirectory on your site, you might need to add a RewriteBase line
# containing the path from your site root to elgg's root. e.g. If your site is
# http://example.com/ and Elgg is in http://example.com/sites/elgg/, you might need
#
#RewriteBase /sites/elgg/
#
# here, only without the # in front.
#
# If you're not running Elgg in a subdirectory on your site, but still getting lots
# of 404 errors beyond the front page, you could instead try:
#
#RewriteBase /
# If your users receive the message "Sorry, logging in from a different domain is not permitted"
# you must make sure your login form is served from the same hostname as your site pages.
# See http://docs.elgg.org/wiki/Login_token_mismatch_error for more info.
#
# If you must add RewriteRules to change hostname, add them directly below (above all the others)
# In for backwards compatibility
RewriteRule ^pg\/([A-Za-z0-9\_\-]+)$ engine/handlers/page_handler.php?handler=$1&%{QUERY_STRING} [L]
RewriteRule ^pg\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/page_handler.php?handler=$1&page=$2&%{QUERY_STRING} [L]
RewriteRule ^tag\/(.+)\/?$ engine/handlers/page_handler.php?handler=search&page=$1 [L]
RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ engine/handlers/action_handler.php?action=$1&%{QUERY_STRING} [L]
RewriteRule ^cache\/(.*)$ engine/handlers/cache_handler.php?request=$1&%{QUERY_STRING} [L]
RewriteRule ^services\/api\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/service_handler.php?handler=$1&request=$2&%{QUERY_STRING} [L]
RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/?$ engine/handlers/export_handler.php?view=$1&guid=$2 [L]
RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/([A-Za-z]+)\/([A-Za-z0-9\_]+)\/$ engine/handlers/export_handler.php?view=$1&guid=$2&type=$3&idname=$4 [L]
RewriteRule xml-rpc.php engine/handlers/xml-rpc_handler.php [L]
RewriteRule mt/mt-xmlrpc.cgi engine/handlers/xml-rpc_handler.php [L]
# rule for rewrite module test during install - can be removed after installation
RewriteRule ^rewrite.php$ install.php [L]
# Everything else that isn't a file gets routed through the page handler
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([A-Za-z0-9\_\-]+)$ engine/handlers/page_handler.php?handler=$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/page_handler.php?handler=$1&page=$2 [QSA,L]
</IfModule>

OK I worked out what had cause the problem.
It was this line
# Default handler
DirectoryIndex index.php
Basically unless your directory uses a file called index.phpby default, the subdomain doesn't work. I commented this line. Another option would be to make sure all my index files had the .phpextension.