I have a website called
www.example.com
I have a mobile website called
m.example.com
firstly i want to redirect automatically from desktop version to mobile site (if it is mobile only.. i want to detect all mobile versions)
then I want to use an htaccess to automatically redirect the main website URL to the mobile version..
However, there is a link on the mobile version that points back to the main website called
www.example.com/?nm=1 (nm mean nomobile)
i want to set cookie for this one.. (redirect to desktop site from mobile site)
if user come again after passing time ago.. i want to check hv cookie.. (check www.example.com/?nm=1 set cookie earlier) if havent cookie automatically redirect to mobile version... if have cookie want to stay in desktop version.
How can I accomplish this via htaccess without JavaSCript.
This answer solves part of the problem for you. Just like that answer, I am not going to suggest a list with user-agents for you. Find a list that is suitable for you, and put it in the rule. The types of mobile devices, browsers in mobile devices etc is ever-changing, and this answer would be out-dated before I even posted it. You need to adapt that rule a little to prevent it from matching if the cookie "nomobile" is set to "1". You need a rule that sees the "nm=1" in the url and sets the cookie. You probably also want some kind of reset for that oookie, which I labeled "nm=0".
RewriteCond %{QUERY_STRING} nm=1
RewriteRule ^ - [CO=nomobile:1:localhost:10000]
RewriteCond %{QUERY_STRING} nm=0
RewriteRule ^ - [CO=nomobile:0:localhost:10000]
RewriteCond %{HTTP_USER_AGENT} ^(user-agent1|user-agent2|user-agent3|etc)$
RewriteCond %{HTTP_HOST} !^m\.example\.com$
RewriteCond %{HTTP_COOKIE} !nomobile=1
RewriteRule ^(.*)$ http://m.example.com/$1 [R,L]
Please check the documentation for cookies for the correct usage of the CO-flag on your specific site. The code above is not tested, but in theory it should work.
Related
I need to provide a texture URL that will be used in an online game (with a desktop software) and I need to prevent people to open the texture from their browsers and allow the texture to be opened only by that game.
The game is quite similar to Second Life, it uses part of the same engine.
I don't need an anti hacker method, just a way to prevent users that have the URL from open it in browsers.
I know someone that has done it but I don't know how, but I know is possible.
I think I need to check the HTTP header with .htaccess and filter somehow but I've not idea how.
How can I do?
Use a secret QUERY_STRING parameter while making an HTTP request from the desktop software. The htaccess can check this parameter name/value and grant access accordingly. If all your textures were present at /textures your htaccess would look like:
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} ^/textures [NC]
RewriteCond %{QUERY_STRING} !(^|&)password(=|&|$) [NC]
RewriteRule ^ - [F]
If the request URL is beyond your control, you need to look at things like IP Address (in case of a static IP), or software's User-Agent HTTP header that can be used to uniquely identify and grant access to it.
RewriteCond %{HTTP_USER_AGENT} !software_id [NC]
Here, software_id denotes some part of your software's User-Agent. For example, to grant access only to iPhones one would use !iphone [NC] above.
I´m forcing ssl in my site using:
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
but im using an ad newtork that doesn´t have SSL enabled.
it is possible to displat that content without the alert of insecure content to the users?
maybe with an exception?
I don't believe you'll have any luck with that. The ad network needs to provide SSL code. The browser/client tells you that you are displaying insecure content and htaccess won't be able to hide that.
Even Google Adsense does not have SSL support. Internet explorer is typically the browser that gives the intrusive dialog warning versus other browsers show the error in the console. There are ad networks that do offer SSL though.
In Chrome, if the https connection is broken it shows it in the address bar crossed out in red. I personally don't want users to see that and think my site is not secure in certain areas just because of some ads.
I don't encrypt my whole site because I don't feel it's necessary. It seems to be a fad these days but I feel it's overkill and unnecessary most of the time. I only use SSL on important pages such as login pages, account settings or any type of payment area. Otherwise the whole site doesn't need it and will prevent users from seeing the insecure content warning. If you're whole site is not one big site of sensitive content and probably isn't sense it most likely public, maybe it's not necessary to force https on your entire site. Just a suggestion to get around the warning message.
Updated:
Try this code in regards to your comment.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} (signup|settings)
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
I have barely any knowledge of .htaccess but I fumble with code. :)
I have one CMS with 2 domain names, each domain pulls a totally different site but managed through one back end. The sites are related so there is no real secrecy - a parent and a child.
I have one extension that must operate on one domain only. It handles payments through PayPal and PayPal restricts accounts to only one domain per organization. It is used with both domains.
I have relative linking throughout the back end so menu and article links to anything that has to do with that extension carry the domain from which it is generated. I need a way to automatically direct anything from the child site for just that extension to the parent site, both messy and SEF links.
So, here is an example:
child.com/index.php?option=com_civicrm&task=civicrm/pcp/info&reset=1&id=1
to go to
parent.org/index.php?option=com_civicrm&task=civicrm/pcp/info&reset=1&id=1
and
child.com/wildcard/wildcard
to go to
parent.org/wildcard/wildcard
The extension is com_civicrm. I need any variables after it to work. These may and may not be ".../pcp/..."
And if this matters, the back end only differs by parent.org/administrator/index.php?option=com_civicrm... so I don't want to accidentally direct the back end to the front end by accidentally losing the "administrator".
Thanks in advance,
Helen
RewriteEngine On
RewriteBase /
# if domain is child.com, and url is '/wildcard/wildcard', redirect to same url on parent.org
RewriteCond %{HTTP_HOST} child\.com$
RewriteRule ^wildcard/wildcard$ http://parent.org/wildcard/wildcard [R=302,L]
# if domain is child.com, and querystring contains 'option=com_civicrm', redirect to same url on parent.org
RewriteCond %{HTTP_HOST} child\.com$
RewriteCond %{QUERY_STRING} option=com_civicrm
RewriteRule (.*) http://parent.org/$1 [R=302,L]
Happy fumbling :-)
I have a .htaccess file with the following:
RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
Everything is fine and works great when viewing form a mobile phone - it detects and goes straight to the subfolder where the mobile site is located. But what I am trying to figure out is how to have a link at the bottom of the mobile site that will allow the user to view a desktop version. And when they're on the desktop version I want them to be able to get back to mobile...
Can anyone help me???
As for the "View Desktop Version" link, that should just be an HTML modification on the mobile site, huh?
In order to keep users on the desktop site after they've selected the option though, you'll need to implement a way to track their client-side preferences, e.g., a cookie. Here's some info about adding a cookie-based condition to your rewrite rule: How to do htaccess redirect based on cookie value
Yes, use a cookie. You can set them with the [CO] flag, and interrogate these through %{HTTP_COOKIE} condition, e.g. add cond to the rule
RewriteCond %{HTTP_COOKIE} !force_desktop
and detect the (un)set URIs to clear/set the cookie.
I wouldn't use cookies since that might not work properly for first-time visitors or users with cookies set to disabled. I would add a pre-defined GET-parameter that forces the site to go to the non-mobile version.
One example: If your domain is www.fancysite.com that could be www.fancysite.com/nomobile. For the "nomobile" URL you define an automatic forwarding in the .htaccess. Use the [L] condition for this rewrite rule so that other conditions are ignored. If the "nomobile" string is not present, your (already working) user agent detection kicks in and the user reaches the mobile site.
See these for some details (especially under "conditions"):
http://www.addedbytes.com/for-beginners/url-rewriting-for-beginners/
http://www.cheatography.com/davechild/cheat-sheets/mod-rewrite/
I have developed a website (A) that needs to connect with another website (B) i.e only members of B can see site A
I can limit the incoming traffic on site A with a .htaccess rule to only come from site B, but anyone would still be able to manually type in the URLs or send a link via email:
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !sitea\.co.uk [NC]
RewriteCond %{HTTP_REFERER} !siteb\.co.uk [NC]
RewriteRule .? - [F]
Is there something I could do with cookies? this does not have to be very secure, just stop casual users viewing site A without first logging into site B.
The cleanest approach here is to have both sites managed by the same MODx install, but use a different context for each site/domain. You can then develop a simple snippet or plugin to allow access to Site A only if the user is logged in on Site B.
Try modifying the following Domain Gateway plugin to do this:
http://rtfm.modx.com/display/revolution20/Using+One+Gateway+Plugin+to+Manage+Multiple+Domains
This is simple to accomplish and even though not necessary here it is also very secure ;)