i'd like to make a redirect after a deny - because now, it's shows the apache Startpage.
My htaccess-code:
ErrorDocument 403 /forbidden.php
Deny from .ru
Deny from .cn
unfortunately it doesn't work, why?
thanks
thomas
This is only working if Apache can geht the DN of the client by double reverse lookup. If the reverse lookup has no result your rule will not work and the client gets access. You see, that this is not very reliable and you should switch to GEOIP.
If the deny rule is working and the desired page does not show, remember that the location is relative to the document root. So if your forbidden.php in subfolder /test you will need to set the rule like this:
ErrorDocument 403 /test/forbidden.php
Deny from .ru
Deny from .cn
Even if .htaccess and forbidden.php are in /test subfolder.
Related
My website name is: cabinets.ga
I want to deny the access to all of my folders and files in my website, so this is my code to do that:
Order deny,allow
Deny from all
<FilesMatch "index\.php">
Allow from all
</FilesMatch>
This code works fine if the user write the link with the index.php like that : cabinets.ga/index.php but if he write only the domain name without the index.php like that: cabinets.ga it will give him (Forbidden)
So i want that if he enter both the domain name with the index.php or without it the website display the index.php without Forbidden it.. Any help please?
You can actually just make the filename optional in the regex (you don't need to use mod_rewrite). For example:
Order deny,allow
Deny from all
<FilesMatch "^(index\.php)?$">
Allow from all
</FilesMatch>
This will allow direct requests to index.php and also requests for the directory (no filename) ...which results in index.php (the DirectoryIndex) being served by mod_dir via an internal subrequest (which occurs later).
Note that you can't simply permit an empty filename (ie. "^$"). Whilst this allows the initial request for the bare directory, it will result in the internal subrequest for the DirectoryIndex, ie. index.php being blocked - so ultimately the request is blocked.
Note also that this allows access to all index.php files in all subdirectories and all directories that contain an index.php index document.
However, if you are on Apache 2.4 then you should be using Require instead, since Order, Deny and Allow are all deprecated on Apache 2.4.
Require all denied
<FilesMatch "^(index\.php)?$">
Require all granted
</FilesMatch>
UPDATE: My website is a single page application has just an index.php page controls all of my website with jquery ajax request, so i want when the user writed any other links accept my domain name accept the domain name the htaccess will redirect the user to the domain name
It sounds like you need to implement a front-controller pattern. The simplest form is using the FallbackResource directive. For example:
FallbackResource /index.php
Any requests that would otherwise result in a 404 are routed to /index.php. Any static resources (CSS, JS, images etc.) remain accessible and are not routed to /index.php.
I tried to block an ip in the .htaccess, which I could do but I can't get the default 403 error to redirect to my custom 403 page. Anyone know how to do this?
ErrorDocument 403 /403/403.html
You might be denying access to the file when you block the IP in the .htaccess file.
Create another .htaccess file inside the 403 directory and in that .htaccess allow all from anyone. Then anyone should be able to see the custom 403.html page when they are blocked.
See if that will help your issue.
Update:
Here is an example.
Put the error document line in the root .htaccess file.
ErrorDocument 403 /403/403.html
Then in the .htaccess file inside the 403 directory add only this.
Order allow,deny
Allow from all
Browser Cache? http://pcsupport.about.com/od/browsers/f/clear-cache.htm
HTTP-Server restart (I don't know how it works by GoDaddy)
Is it the right path to the Error-HTML file? /403/403.html (try the absolute path?)
I figured it out
ErrorDocument 403 /error/403.html
order allow,deny
deny from xxx.xxx.xxx.xx
allow from all
I have a .htaccess in root public_html/.htaccess
Order deny,allow
Deny from .cn
I have deny ip from china
however I want lock one of folder admin folder
public_html/admin/
Is that possible to use .htaccess deny from all in specific subfolder
Is that possible to use .htaccess deny from all in specific subfolder
You could use a simple forbidden rule to deny anyone from accessing anything from a specific folder like this:
RewriteRule ^admin/folder - [F]
It would return a error 403 message like this:
Forbidden
You don't have permission to access ADDRESS on this server.
The above would forbidden anyone from accessing anything inside the folder public_html/admin/folder
Or you can simplify and just put an .htaccess on the folder you want to block with the following content:
Order deny,allow
deny from all
Put a .htaccess inside that folder withdeny from all
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
I have recently installed Solr on server and i want to restrict only local users can access it with .htaccess
site.com:8983/solr/admin [ restrict all user]
And below is the .htaccess code
RewirteRule on
<FilesMatch "127.0.0.1:8983/solr/admin">
Order Deny, Allow
Deny form all
Allow 127.0.0.1
</FilesMatch>
Or is there any method we can protect / restrict Solr Admin on site.com:8983/solr/admin accessing from other users
Only local ip users can use it..
And i tried this one, but its not working.
Your <FilesMatch "127.0.0.1:8983/solr/admin"> line will never match anything because you've stuck the hostname and port in the regular expression. Try using the Location container instead:
<Location "/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Location>
Or better yet, Directory:
<Directory "/path/to/your/document/root/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Directory>
You'll need to fill in the full path to the solr/admin directory.
Get rid of the RewirteRule on line, it doesn't do anything and it's not even spelled right and will cause a 500 error.
However, neither of these directives can be use in an htaccess file. You need to use these in either the server of vhost config. If you must use an htaccess file, then create an htaccess file in your solr/admin directory and simply put these directives in it:
Order Deny, Allow
Deny from all
Allow 127.0.0.1
Or, in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteRule ^/?solr/admin - [L,F]
Check following links. Hope they will help you.
Restrict Solr Admin Access
Solr Security
Securing Solr administrative console
How to protect Apache Solr admin console