Block access to url with .htaccess [closed] - .htaccess

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
How can I block users from viewing sites that are located in the folder of main domain? For example: main domain is www.maindomain.com. When I create subdomain for another account in cPanel, it creates folder it it is accesible if someone type for example www.maindomain.com/subdomain. I would like to block certain folders, but leave others, as I have pages in folder: wwwmaindomain/contact-us. How can I do that? Hope it's clear enough :)

Try following RewriteRule in your .htaccess
RewriteEngine On
RewriteRule ^subdomain/(.*) /index.php [R=403,NC,L]
This will redirect any /subdomain request to your index.php with forbidden response code

Add these rules in the htaccess file in your document root (for maindomain.com):
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain.com$ [NC]
RewriteRule ^(subdomain1|subdomain2|subdomain3) - [L,F]
This will return a "403 Forbidden" if you try to access /subdomain1, /subdomain2, or /subdomain3 from the maindomain.com host. If you don't want to return a 403, you can also redirect:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain.com$ [NC]
RewriteRule ^(subdomain1|subdomain2|subdomain3) / [L,R=301]
This redirects any access to the subdomains from the maindomain.com host to the document root.
Rules to add to the top of htaccess files found in the subdomain folders:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain.com$ [NC]
RewriteRule ^ - [L,F]
or
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?maindomain.com$ [NC]
RewriteRule ^ / [L,R=301]

very efficient way to do this is to place an blank index.php file the folders you do not want to show, so no need to mess with htaccess, or you can just create a new .htaccess with this code
deny from all
save this as .htaccess of that perticular folder you do not want to show to pubblic, however i perfer the first option.

Related

Canonical https and www [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Apologies if this seems pretty simple to some folk.
In the past I have set up 301 redirects with that snippet of code that is all over the internet:
Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domain.com [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]
However, a few things leave me uncertain for this particular project.
1) I'm using https, so there are four CNames now (is that (CName) correct terminology?)
https://example.com
https://www.example.com
http://example.com
http://www.example.com
2) I am using a CMS that needs the .htaccess file in order to search for CSS and other info when runnign the site. I'm therefore, as a less tech person, worried about fiddling with the .htaccess file (When this file was missing previously die to a separate issue the site was not functional)
Questions:
1) Does it matter where int he .htaccess file I place the redirect? Start/End of file?
2) How would I alter the snippet above to take into account the https?
Here is the .htaccess code
# Turn on URL rewriting only when mod rewrite is turn on
<IfModule mod_rewrite.c>
RewriteEngine On
# Installation directory
RewriteBase /
# Protect application and system files from being viewed
RewriteRule ^(application|modules|system|tests|sql) - [F,L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php?kohana_uri=$0 [L,QSA]
</IfModule>
# Protect the htaccess from being viewed
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
#Follow symlinks
Options +FollowSymlinks
To redirect all requests to http://example.com, you can prefix your rules with
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [OR]
RewriteCond %{HTTPS} =on
RewriteRule ^.*$ http://example.com/$0 [R,L]
This redirects all requests, which come with HTTPS or www.example.com or both.
When everything works as you expect, you can change R to R=301.
Never test with 301 enabled, see this answer Tips for debugging .htaccess rewrite rules for details.

htaccess rewrite to subdirectory with exceptions [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have setup my GoDaddy Shared Hosting account that no scripts should be run directly from server root - scripts start at least one subdir down. I also have subdomains which also fall in this category because it seems that my server simply rewrites the subdomains to selected folders.
/root
wordpress
drupal
app1
subdomains
sub1
sub2
sub3
I decided that I want www.mydomain.com to launch wordpress - so after quite a bit of research on SO and testing some solutions - this is the htaccess that worked. Other solutions were causing a 500 server internal error which I assume is a limitation of my hosting plan.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC,OR]
RewriteCond %{REQUEST_URI} !wordpress/
RewriteRule ^(.*)$ wordpress/$1 [L]
</IfModule>
But now subdomains no longer work and from the server error message The requested URL /wordpress/subdomains/sub1/ was not found on this server. it is evident that my rewrite rules are kicking in for the subdomains.
I tried adding a RewriteCond %{REQUEST_URI} !subdomains befor the RewriteRule but didn't help.
Also RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d-all rewrites stop working.
How can I modify the rules so that specific directories/patterns should not be redirected? Or maybe if directory exists it shouldn't rewrite?
Try adding this before the rules that you have for wordpress:
RewriteRule ^subdomains - [L]
It should simply let requests that start with /subdomains pass through without doing any rewriting.
Replace your Rewrite rule with this:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain\.com$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ wordpress/$1 [L]
This will make sure wordpress/ redirection is not done for any file or directory.

Override root .htaccess to allow query string access in a subdirectory [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have the rewrite block below in an .htaccess in the public_html root folder to protect from strange query strings and other "bad" access.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
But this breaks me running phpmyadmin in a subfolder. Specifically, phpmyadmin (not in a standalone folder, but in a WordPress plugin; but this shouldn't make a difference) is "access denied" from localhost (I think) by the base64_encode|localhost|mosconfig line above. I remove that line and phpmyadmin will then run in the subfolder.
What can I put in an .htaccess file in the subfolder to "clear" or override that one rule?
Create an htaccess file in your phpmyadmin subfolder and put this in it:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
That rule will have precedence over any rule in any parent folder.

subdomain redirection in htaccess [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I was wondering if the following scenario is possible using htaccess rules.
I want one subdomain to be redirected to another url.
I have contact the server admin to add the "test" subdomain to "example.com" domain.
The main domain has no other subdomains.
What rule must i put in htaccess to do achieve:
http://test.example.com to be redirected to http://www.something-else.com.
NOTE: www.something-else.com is a complicated url (200 chars length)
EDIT
My full htaccess file now looks like:
Options +FollowSymLinks
RewriteEngine on
RewriteOptions inherit
RewriteBase /
RewriteCond %{HTTP_HOST} ^test.example.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/redir.php [L]
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
The htaccess file is located to example.com root directory.
I have no physical access to test subdirectory, although i know it exists - ping to that url shows me the IP of example.com
Typing test.example.com to the browser's address bar has no effect. White screen, no redirection, no nothing. If some page exists there, i know not.
For static urls:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^test.example.com$ [NC]
RewriteRule ^(.*)$ https://www.somdomain.com/a/folder1/somepage?var=xxx&var2=xxx&var3=xxx&var4=http://another-domain.com/folder1/xxxxx/?&var5=xxx&var6=xxxx [R=301,NC,L]
For Dynamic urls (if the original domain has folders that needs to be moved to the other domain):
RewriteEngine On
RewriteCond %{HTTP_HOST} ^test.example.com$ [NC]
RewriteRule ^(.*)$ https://www.somdomain.com%{REQUEST_URI} [R=301,NC,L,QSA]
From your edit:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^test.example.com$ [NC]
RewriteRule ^(.*)$ redir.php [R=301,NC,L]

how to remove url parameters in htaccess [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have a codigniter site which does not like added url parameters
for example mysite.com/page/value is good but
mysite.com/page/value?url=parameters is bad.
Google ads campaigns attach url parameter for tracking, I want to get rid of these for the call to Codeigniter. (I know there are several ways to do it in codeigniter but I want to do it in htaccess level)
My htaccess is :
<IfModule mod_rewrite.c>
RewriteEngine On
# This is different between local host and production server!!!
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
How should I change it to make it ignore url parameters but still accept mysite/a/b/ urls?
This should remove any query string:
RewriteCond %{QUERY_STRING} .
RewriteRule (.*) $1?
You could test if the query is not empty and stop the rewrite process:
RewriteCond %{QUERY_STRING} !^$
RewriteRule ^ - [L]
Just put this rule before your others and any request with a query does not get beyond this rule.

Resources