To make font-face work on FF I need to make a .htaccess file, upload it to the root directory and that should be it right?
so in a blank text file i write:
<FilesMatch "\.(ttf|otf|eot)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
I save it, I upload it to the site root and rename it to .htaccess
but it is not working, no matter what I do..
The strangest thing is that ff loads the fonts on some of the pages but not on all
Is there something else that should be added to the text/htaccess file?
Using htaccess as mentioned above did not solve anything, it actually just made things worse.
The solution was to make all paths relative.
I mean, EVERY path related to the fonts.
Related
I have adapted the .htaccess on my WordPress site and made additions such as the activation of GZIP.
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Then I put a rule in the subfolder that should prohibit access to certain pages.
<FilesMatch "connection\.php|data\.php|protection\.php">
order allow,deny
deny from all
</FilesMatch>
Of course, I wanted the rules created in the root folder to also apply to the additional rules in the subfolders (of course only in the respective folders). Today I read a article that made me suspicious in which I read that a .htaccess file in a subfolder completely overwrites a .htaccess file from a parent folder and not adds the new specific points and only when a new point is added to a point from the higher-level folders which is suppose it gets overwritten. So I tried it out and in my opinion it is not true because, according to GZIP Tester, the files are also got zipped in the folder where I don't add this
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
</IfModule>
Here is a diagram from the page where I found this article.
It's German, but I think you will understand that. (Verzeichnis = Root folder, Unterverzeichnis = subfolder)
The question is what's right, did I make a mistake and have to re-list the rules every time I want to extend the root folder in each .htaccess file (in sub-folders) or was the text on the website just wrong?
From the official Apache docs (https://httpd.apache.org/docs/current/howto/htaccess.html#how):
The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found, and to all subdirectories thereof. However, it is important to also remember that there may have been .htaccess files in directories higher up. Directives are applied in the order that they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files found higher up in the directory tree. And those, in turn, may have overridden directives found yet higher up, or in the main server configuration file itself.
I need to make PDF files that are stored in a folder (with subfolders) outside of the web root publically accessible by a plain URL. An alias has been created in Apache that leads this folder so what I need now is a redirect rule in .htaccess to make this work.
I have this alias: https://www.examplesite.com/certificate
The URLs that will be used to access these PDFs are for example: https://www.examplesite.com/certificate/2018/LGOIGD9E9345034GJERGJER.PDF
https://www.examplesite.com/certificate/2017/GSDFJGLKJNL345L34LSNFLSD.PDF
How should I format my redirect rule in .htaccess to decide if the file is to be downloaded or viewed in the browser?
Sorry about the noise, I found the answer by myself:
<FilesMatch "\.pdf$">
ForceType applicaton/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
I am trying to make my site "www.suruleretv.co" files like mp3, mp4 to force download instead of streaming.
I've tried to add some codes in find online via .htaccess but am getting error after adding it.
<FilesMatch "\.mp3$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
it would help if you could add your code to the question, to clarify what you want and to identify what the issue is.
However, if you want to force files to be downloaded, adding the following in your .htaccess should be enough:
<FilesMatch "\.(mp3|mp4)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Please keep in mind, that if you only add this part and have nothing else in it, you will have to save your .htaccess file in the same directory as the downloadeable files. It won't work for subfolders, without adding more rules.
I've been trying to get this working for the last 3 days.
I have a WordPress site hosted with 1and1. I'm using the w3 total cache along with my rackspace cloudfiles account. All theme files are hosted from the cdn (css, fonts etc). This works fine in all but IE and FF. Reading further into it on SO this is a widely known issue. So, following this answer I've added the following to my htaccess file under both the site root, the fonts directory and the css directory.
<FilesMatch "\.(ttf|otf|eot|woff)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
I've also hard coded my cdns path to my font like this:
#font-face {
font-family: 'LeagueGothicRegular';
src: url('http://112k3jh1g23kj1g23kjhg12k3hg1kj2g3h1g-r93.rackscdn.com/mysite/wp-content/themes/mytheme/css/fonts/League_Gothic.eot?') format('eot')...
The cdn is serving the correct files, this all works in chrome but still web fonts DO NOT work in firefox and IE.
What am I missing?
I managed to solve this by base64 encoding the fonts in the the CSS. Hope this helps someone.
I have a files directory for my image storage in my web root folder, i want to know how to secure that folder. i prevent people from uploading scripts to that folder, i check file extensions, if it is not an image then it will not save to that folder.
but faking extensions are done easily, what happens if someone manage to upload a script to my files directory and access that from the browser
so i need a way to prevent scripts from running inside that folder and only allow images to run.
i know htaccess can do that but i dont know how to set it up. my .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
but it is not working, i saved a php file in that folder then tried to accessed it from the browser and i can still access it. do you know how to make this work? or if you have more secure approach to this, please tell me.
thank you
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
RemoveType application/x-httpd-php php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you dont want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</Files>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.