I have a file hosted at http://example.com/old-directory/document.pdf.
I'm not able to change the link, but I need to change the directory the file is downloaded from.
Current dir
/my/web/server/current/files/document.pdf
New dir
/my/web/server/new/files/document.pdf
What's the best method of changing the directory without changing the URL with PHP/Apache?
You can use a .htaccess to remap that location to a different directory (or just that file).
Create a .htaccess file and use this syntax to "redirect" the file:
Redirect /olddirectory/oldfile.html /newdirectory/newfile.html
This will send the new file instead of the old one when accessed.
If you need to do something more specific, this generator will work fine.
Related
Using website grabbers whole website with folder structure can be downloaded.
Is there any way to prevent this?
If so,how?
The only way to protect a websites markup is not to publish it. If you want your users to see something they need to get the HTML markup and the images, that should be displayed. And therefore the files need to be accessible. And if your files are accessible every user/bot/crawler/grabber can save these files.
The best way is to put a few files like the index page in the main directory and call the other sub pages in it. If using php then you may do the following.
Say keep the index.php in the main folder and keep the homepage.php in a directory called includes and use the homepage in the index.php via include function in php.
Now add a .htaccess file to the includes folder which must contain
"deny from all"
This way users can use the page but will not have direct access to the files. So will be for the grabber.
is there a way to deny outside access to my upload directory ?! I don't want users to access my upload directory : www.example.com/uploads
i used .htaccess in the root of my upload folder however all the links were broken
in my .htaccess :
deny from all
any solution ?
If you wish to disable directory listing, simply place 'Options -Indexes' in your htaccess.
You've applied a 'deny from all', which essentially stops ANYONE from accessing files in the directory to which it applies.
Also make sure that 'AllowOverride All' is specified in the vhost definition, otherwise you are unable to override settings via the htaccess file. That is my understanding anyway.
If you wish to disable access to the upload directory, and control which files in specific users can access, I'd recommend going through a script written in a language such as PHP. A user requests a file from the script, the script looks to see if they're allowed to view the file. IF they are, they file is displayed. IF they aren't then it is not.
References
http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml
http://mathiasbynens.be/notes/apache-allowoverride-all
I have my .htaccess file, and I have a folder with config files in there, and they contain sensitive content, e.g. database details etc. What I would like to know is, how can I block access from a browser, but allow them to be accessed via my scripts?
I know that this can be achieved inside the PHP files themselves, but I'd rather use the .htaccess approach where possible.
Is this actually able to be done? I've attempted it before, but in the process of denying access to the file from the browser, it also denied access from the coding.
I have looked into this before, and some of the answers I came across suggested changing the extension to something like .inc, and then denying access to that. However, a couple of issues I have with that is that a) It instantly alerts anyone that can see that filename, for whatever reason, that it is a config file. Also, b) If my denial code breaks, browsers will not parse it as a PHP file, but rather an inc file, meaning it will print the code in the browser.
Basically, can this be done within a .htaccess file, or do I need to put something in the header of every config file?
Put these files outside of your web server's document root.
You can still access them via your server-side scripts, but this ensures no direct access to them from the outside world.
The conventional advice is to place such files "outside of your web server's document root". This is all well and good, but many shared hosting offerings only give write access to your public_html directory.
I use a simple convention: any private content (that is not URI addressable) is prefixed by an underscore or in a directory that's name is prefixed with an underscore (eg. _private or _include). I then include this rewrite rule in my DOCROOT .htaccess file:
# if a forbidden directory or file name (starting with a . or /)
# then raise 404 Fatal return
RewriteRule (^|/)[_.] - [F]
Remember that you'll need to prefix with a RewriteEngine On and/or include this at the top of any .htaccess file with the engine enabled.
Note that the "." prefix picks up files such as .htaccess.
Please use a framework, these kind of issues just doesn't need to exist. If you insist though, write a .htaccess to redirect every request to a single index.php in the root directory, which then have more logic to determine whether or not the request is for a valid file and include them, otherwise generate 404 or 403. If you need performance for static files, then use RewriteCond to exclude specific directories or file type from the index.php check.
When enabled and privileged, the mod_dir module in Apache2 automatically serves a HTML formatted page with the contents of a directory when a directory is requested which does not contain an index.html file. I am looking for an easy way to make these directory contents machine readable; Preferebly have the contents of the directory formatted as a JSON array containing the subdirs/subfiles instead of an HTML page.
What would be a an easy way to accomplish this, that works on most standard configurations of Apache2.2? (no php scripts please)
What would be a an easy way to accomplish this, what would work on most standard configurations of Apache2.2?
There isn't one. You'd need to either modify and rebuild mod_autoindex, or you'd need to redirect to a script or generated JSON file on the server.
I don`t know anything about .htaccess files except how to secure a folder or deny access.
I want to deny direct access to .js files (by typing the file name in url) on my server, say the files are stored in a folder named /js/ how can I use the .htaccess to do that?
You cannot do that.
Actually there is no 'direct access' or 'indirect access'. The browser accesses the JS file the same way when you load it from a SCRIPT tag and when you try to load it separately (typing the file name in browser).