CakePHP directory redirection - .htaccess

How to prepare .htaccess file to block strange redirect...
When site is created in Cake, and we input address some like this: http://example.com/css, we are redirec to to http://example.com/app/webroot/css (403 Forbidden).
I think is the problem of .htaccess, but maybe no. The better solutions will be redirect to / or listing files if we can.
How solve this?

Cake expects http://example.com/css to redirect to http://example.com/app/webroot/css, which is where you should be keeping all your css files. You'll notice that doing things like echo $this->Html->css('style'); , the standard cake way for linking to a css style, it will create a link to http://example.com/css/style.css even though the file should be actually located in http://example.com/app/webroot/style.css. You do not want people to be able to look at http://example.com/css, since that is your css folder. If they can browse your file structure, they could potentially do bad things. So don't alter your .htacess file. As you said, whatever you're trying to do is most likely better done another way.

Related

Setting up .htaccess for the first time

Totally lost on how to set up a .htaccess file, bunch of stuff and only been able to redirect and set index.
I have a site https://subdomain.domain.com/views/list.html and I want it to show up as https://subdomain.domain.comIve been able to hide the views/list.html from that main page with DirectoryIndex views/list.html but when i come back to it from within the website it still shows up as subfolder.Also is it possible for other subfolder files to not show up as subfolder but as something else? e.g. https://subdomain.domain.com/views/add.html show up as https://subdomain.domain.com/addproduct
Have you thought about trying PHP indexing? Make a folder structure and place the indexer in the correct folder. As for the subbing, it should be possible, least from what I recall.

AGAIN: how to hide subdirectories in browser bar with htaccess

Sorry to bother you perhaps again, but I can't get it working after trying at least 30 answers already given on this subject!!
I use a somewhat deep directory structure and the I would like to rewrite the address browser bar of all subdirectories been replaced by one: simply (www.)example.com/subdirname. Even if I redirect from within the subdirectories to a higher level.
In other words:
So I have: http://www.example.com/subdirname ----> this what I would like to show every time. Here is also my main index.html located.
Then the structure beneath is e.g. www.example.com/subname/text/image/magazine/xxx.html
I have tried all the REWRITE CODES available (well, practically). But nothing works.
Can and will someone please give me the ultimate answer how to code this in htaccess? Please don't forget to tell me please, in which directory I should place this htaccess (allthough I tried all).
By the way, I don't care about SEO - the (sub-)pages don't have to be 'searchable'.
By the way, this is a site which I like to protect a little against theft, since it concerns my living of bookselling.
Thanks a lot beforehand!
Rokus
There is one way to do this, a frame redirect.
That'll always show the same URL in the address bar - but it's trivial to find the actual URL for anyone with the slightest bit of technical knowledge.
Users will also be unable to link to a specific page or magazine.
If you have intellectual property you want to protect, it might be worth looking into other, more suitable ways to do so.

CakePHP nice urls - how to prevent normal urls from working

I have a website that's written using CakePHP. I've added some rewrite rules in the .htacces file to change the default urls to different ones (instead of /controller1/action1/parameter I have /some-string-about-controller-and-action/parameter, for example).
The problem is that now both the normal url and the nice one are available, and google seems to be indexing both, which is a problem. I'd like to only keep the nice one, which is the proper way to handle this so that it affects the google results as little as possible?
I don't know why you don't want to use cakes own routing (if you are having trouble doing what you want, you can accomplish what you want with a custom route class), then make sure that you redirect all relevant URL's in your .htaccess file to the desired URL using a MOVED PERMANENTLY redirect.
This way google will index the target url instead of the one that is undesirable. You are right to take offense to this, double indexing is a great way to harm your SEO rankings.

.htaccess or symbolic link (symlink)

I have a website with multiple folders and I was trying to fix them in my .htaccess. After a little while, I have a big .htaccess with rules that conflicts.
Now every time I want to add a folder I have to add it to the .htaccess.
I did some research and I found out I can create symbolic link instead, so no more .htaccess
In both solution I have to create or modify something so for me its the same result at the end but is it a better practice to create instead symbolic link ?
Symbolic links are faster yes (like Aki said) but here's my thoughts on this.
if you have images, css or js files then you don't need to rewrite or create symbolic links. You can use the full URL (eg /images/...) or use a common domain like i.domain.com (or anything you want) and refer all your JS, Images and CSS there. Eg: i.domain.com/logo.jpg or js.domain.com/site.js.
This way, you never have to think about rewriting rules or create links you might forget one day.
This one is very easy to manage and maintain if you need to add images, change js or update your CSS since you only have one point of entry and automatically everything be updated.
use symblink, .htaccess has to be proccesed by apache whereas the symblink are proccess by the OS which is faster.
creating 100 rules vs 100 symblink, if the rule you looking for is at the last you will have to parse all of them then use the one you need.

How to specify named subfolders in htaccess?

I have a folder structure like this /img/products/{product name}/ and then the sub folders hi, low, and thumb.
I want to use htacess to force-download any files in a 'hi' or 'low' subfolder (but not 'thumb').
I was hoping something like this would work:
<FilesMatch "\(.*)(\/hi|\/low)(.*)">
ForceType applicaton/octet-stream
</FilesMatch>
Now I'm not great with regex, but that seems to work in regex testers against paths like
/img/products/active/low/something.jpg
However it's not working on the site.
Any suggestions?
Thanks
Pete
This probably should have been a ServerFault question based on what I think that you're trying to do, but since you actually can't do what you're trying to do (the way I think you're trying to do it), I'll provide two alternatives; one that likely won't work, and another that involves a PHP script (which should hopefully be alright for you, since your question history shows you asking something about PHP before).
The Problem:
First, what I think you're trying to do, so you can correct me if I'm wrong:
# Apply ForceType to anything that's in a path that matches this
<FilesMatch "img/products/[^/]+/(hi|low)/[^/]+$">
ForceType applicaton/octet-stream
</FilesMatch>
However, this won't work, because FilesMatch only examines the filename, under the assumption that you could either appropriately place the .htaccess file, or combine the directive with a Directory statement in the server or virtual server configuration.
In your case though, this isn't possible (Well, I assume anyway, maybe you do have access to the necessary configurations, but since your question is tagged .htaccess I'm guessing probably not), given that copying a .htaccess file to every folder isn't realistic.
The Solutions:
As it turns out, mod_rewrite, along with performing all sorts of voodoo in the way of filename resolution, also gives you extensions of other Apache functionality that you would not necessarily have been able to use otherwise. Case in point, we can set the MIME type using the T flag, making the easiest solution this:
RewriteEngine On
# Force the MIME-type, but don't actually perform a rewrite
RewriteRule ^img/products/[^/]+/(hi|low)/[^/]+$ - [T=application/octet-stream]
This actually works pretty well, but chances are good that your Apache installation thinks that it knows better than you, and includes a mimes.types file in the main configuration that maps the jpg extension to image/jpeg. This value takes precedence over the RewriteRule, making it ineffective in that case.
The other solution is to create a small script that acts as the go-between, passing the appropriate headers and image data from the server to the client. You would then use mod_rewrite to pass the request on to that script:
RewriteEngine On
# For an added bit of sanity, make the test pattern even more restrictive
RewriteRule ^img/products/[A-Za-z._-]+/(hi|low)/[A-Za-z._-]\.[A-Za-z]+$ imageDownloader.php
As for the script itself, to keep this answer from getting ridiculously long, I suggest taking a look at this answer or one of the other questions on this topic, keeping in mind that it's imperative that you screen the filenames that can be downloaded for reasons of security. Note that you would be able to get the original request path from $_SERVER['REQUEST_URI'], and could use that to locate the proper image.

Resources