I want to set up a maintenance page for my site (that visitors would see) but I also want to allow devs a way to still be able to access the site and test things (though this last bit, access for devs, is a request from a project manager... not sure it's the best way to do this as it seems like we should test on a staging server).
The site is nodejs based and runs on an nginx server via a proxy_pass.
The way I would have done this under apache is to permit a get param to be passed in that would allow a dev to circumvent being redirected to the maintenance page. Can't seem to figure out how to do this under nginx with a proxy_pass.
I was able to get everything to redirect to the maintenance page but images and css were broken and would not load. Additionally I could not implement a GET param override.
Any suggestions on how to approach this? The various tutorials around the web and comments here on SO don't seem to work and I suspect it has to do with the proxy_pass usage. Not certain.
*edit: I saw this post on SO but my attempts to implement it ended up with the visitor being redirected to "/maintenance" and getting a server error instead of my maintenance page. Also, it doesn't address overriding the redirect.
This is going be a question of how you decide to filter users. If you can filter access on IP address, cookie, or some other request aspect, then it's possible to use an if directive to redirect/rewrite all other users to the maintenance page. You mention using a GET parameter -- this condition would be an example of that (using $arg_PARAMETER as documented here):
server {
if ($arg_secret != "123456") {
rewrite ^(.*)$ /maintenance$1 break;
}
location /maintenance {
#root directive etc
}
location / {
#proxy_pass directive etc
}
}
Or you could invert the condition and configuration, and only proxy_pass for the condition being true. However, ``if` directives can be problematic (see http://wiki.nginx.org/IfIsEvil) so try before deploying.
As for the issue you've found with images and CSS not loading, you'll need to ensure that these maintenance resources always continue to be served because they were likely being affected by redirection rules as well. An example location directive could be like so:
location ~ /(.*\.css|.*\.jpg) {
root /var/www/maintenance;
}
Related
I would like to have the following setup using .htaccess.
domain.com/test/hello.php or domain.com/index.php or any other link must show only domain.com in the URL.
Kindly share your views on this.
As implied by Jon Lin, this is not directly possible as the server cannot guess what content should be loaded. The simple rule of HTTP is that each request has its own response.
Furthermore, it should be noted that, if it were possible (by some kind of magic - perhaps by the use of AJAX), it wouldn't be good for SEO, as Google/Bing/whatever wouldn't be able to index your site.
If you really wanted to mimic the behaviour, you could run the following HTML5 History API method in JavaScript:
window.history.pushState("", document.title, "/");
This will change the address bar to show only your domain name, and will more than likely have side-effects.
Ok I'm extremely noob to nginx and did something very stupid. I wrote the following code in my sites available file. Deleting it doesn't seem to undo it.
location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
rewrite ^/(.*)/$ /?page=$1 last;
rewrite ^(.*[^/])$ $1/ permanent;
}
I wrote this before I fully understood what it meant and since have removed it from my configuration file. Despite removing this it looks like it is still effecting one page of my website. I have tried different browsers other than the one that I loaded this page on when the rule was applied and it is still not serving the images correctly.
How can I undo this?
The site is not yet public so I'm not worried about other people's browsers catches still redirecting after this issue is resolved.
Is there a place in my server that is continuing to redirect despite the rule no longer in my sites-available and sites-enabled folder? It is a linux/ubuntu server and so far this is the first site that this server is running.
Thank you for any help or ideas on how to solve this!
According to the rfc2616 section 10.3.2 about http status 301
The requested resource has been assigned a new permanent URI and any
future references to this resource SHOULD use one of the returned
URIs. Clients with link editing capabilities ought to automatically
re-link references to the Request-URI to one or more of the new
references returned by the server, where possible. This response is
cacheable unless indicated otherwise.
A lot of browsers use that to cache the response locally, so that it doesn't waste another request when calling the same URL, unlike 302 which redirects but doesn't cache.
To solve this you just need to clear the local cache, and not even the whole cache, if you did this today you could just clear today's cache and every thing will be back to normal.
If you have add this location block to your/one of your site conf in nginx/sites-available and thereafter symlinked the file to nginx/sites-enabled, it can only be in the nginx/sites-available/site.
However if you copied /nginx/sites-available/site to nginx/sites-enabled/site you also have to delete the file in sites-enabled...
To be sure, did you reload nginx after deleting configuration ?
this is a broader question than I would probably ask of the CartThrob folks, which is why I'm posting it here. What would the community recommend as far as SSL is concerned with CartThrob? The store functions are limited to a couple of key template groups. So my thinking was perhaps the best way to handle it would be htaccess on the basis of the presence of those URL segments. I would like to return the user to a non-SSL connection when they are not in the store area. So a trigger might be the first segment being "basket" or "account" for example. Or what about an in-template redirect to the secure URL? Very interested to hear the community's suggestions on how best to handle SSL within a given area of an EE site. I'm interested in whatever makes the most sense to implement, while also ensuring that, for example, all assets - even those loaded with path variables - are loaded via SSL. Thanks all!
I've always used CartThrob's https_redirect tag (docs) on my checkout screens, which will rewrite your {path}, {permalink} (etc)-created URLs to use https, as well as redirect you to the https:// version of your page if necessary.
That, combined with using the protocol-agnostic style of calling scripts and stylesheets should get you most of the way in getting your secure icon in the browser.
(Example:)
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.9.1/jquery-ui.min.js"></script>
update
Here is the situation:
I'm working on a website that has no physical folder structure. Nothing had been planned or controlled and there were about 4 consecutive webmasters.
Here is an example of an especially ugly directory
\new\new\pasite-new.asp
most pages are stored in a folder with the same name as the file, for maximum redundancy.
\New\10cap\pasite-10cap.asp
\QL\Address\PAsite-Address.asp
each of these [page directories]? (I don't know what else to call them) has an include folder, the include folder contains the same *.inc files in every case, just copied about 162 times for each page directory. The include folder was duplicated so that the
<!--#include file="urlstring"--> would work correctly due to lack of understanding of relative paths, and the #inclue virtual directive or using server.execute()
Here is a picture if my explanation was lacking.
Here are some of my limitations:
The site is written in ASP classic
Server is Windows Server 2003 R2 SP2 , IIS 6 (According to my resource)
I have no access to the IIS server
I would have to go through a process to add any modules or features to iis
What changes can I make that would allow me to move pages around and rename them while not breaking incoming links from external sites that still use the poorly formed URLs?
To make my question more specific.
How can I move the file 10cap.asp from \new\10cap\ to a better location like \ and rename the file to someting like saveourhomescap.asp and not break any incoming links and finally, not have to leave a dummy 10cap.asp page in the original location with a redirect to the new page.
Wow, that's a lot of limitations to deal with.
Can you setup a custom error page? If so you can add some code into a custom error page that would redirect users to the new page. So maybe you create a custom 404 page, and in that page you grab the query string variable and based on that send the user to the correct "new" page. That would allow you to delete all of the old pages.
Here is a pretty good article on this method: URL Rewriting for Classic ASP
Well, you have a lot of limitations and especially no access to the IIS server hurts. An ISAPI module for URL rewriting is not an option here (IIS) and equally a custom 404 page where you could read the referer and forward with a HTTP 301 won't work (IIS).
I would actually recommend you to go through the process and let them install:
An ISAPI URL rewriting module
or if that doesn't work (for any reason):
Let them point the HTTP 404 of your web to a custom 404.asp, read the referer and redirect with a HTTP 301 (Moved Permanently) to your new location.
If none of this is an option for you, I can think about another possibility. I haven't actually tried that so I'm not 100% sure if it will work, but in theory it sounds good ;)
You could make in your global.asa in the Session_OnStart event a Response.Redirect or change the header of your response to a HTTP 301. This will actually only work for new users and not fix real 404 errors. Sorry, for the pseudo code, but it's a while ago that I had anything to do with classic ASP and I think you'll get what I mean ;)
sub Session_OnStart
' here should be a Select Case switch or something like that
Response.Redirect("newlocation.asp")
' or if that will work, this would be better (again with switch)
Response.Status = "301 Moved Permanently"
Response.AddHeader "Location", "http://company.com/newlocation.asp"
end sub
Hope that helps.
I recommend using URL Rewrite for that, see the following blog about it, in particular "Site Reorganization":
http://blogs.msdn.com/b/carlosag/archive/2008/09/02/iis7urlrewriteseo.aspx
For more info about URL Rewrite see: http://www.iis.net/download/URLRewrite
You can try ISAPIRewrite since it's classic ASP + IIS6
http://www.isapirewrite.com/
They have a lite version which is free, probably good enough for your use.
urlrewrite will only work if you can install a dll on the server
one of these articles will help
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=qRR&q=url+rewrite+classic+asp&btnG=Search&aq=f&oq=&aqi=g-m1
basically you have to point 404 errors to an error page which will parse the incoming querystring / post info and redirect user to correct location with incoming parameters added.
variations on that theme will be found in the examples fro google.
I'm in a development environment and we're using basic .htaccess/.htpasswd authentication to keep lurkers out. But some of my AJAX calls are coming back with HTTP/401 authentication failed errors. Is it possible for me to allow access only to those specific URL's? I can't easily do it by popping a new .htaccess in a subfolder because CodeIgniter uses ReWrites.
It's not possible to allow access only to those specific URL's. Unfortunately, .htaccess and .htpasswd authentication operates on a directory level only. And you're exactly right about why just using a subdirectory won't work - b/c of CI rewrites, which happen AFTER Apache has transferred control to CodeIgniter's index.php front controller.
The easy option, if you're working on something that (1) is not likely to be hacked in the first place, and (2) can't reveal sensitive data even if it is, is to use security via obscurity. Don't have any links to your dev site, include a noindex directive for search engine crawlers, and go on your merry way. This also has the advantage that you can test versions of the site with your colleagues and friends by just telling them the URL to go to.
If you're more worried about security, then you're probably building an auth module for your website's users. In that case, for your dev environment, just call that auth module in the constructor for all of your controllers, and redirect to the login page if the user is not logged in.
Good luck!