Multiple Conditions in .htaccess - .htaccess

I'm trying to redirect images on my server to a url, if the user client is NOT A BOT.
So far I have:
RewriteCond %{HTTP_USER_AGENT} "Windows" [NC]
RewriteCond %{REQUEST_URI} jpg
RewriteRule ^(.*)$ http://www.myurl.com/$1 [R=301,L]
But something is wrong. Is it possible to combine these 2 conditions?

Your idea is admirable, but the logic is flawed based on real world bot behavior.
I deal with security on sites all the time & User Agent strings are faked all the time. If have an option to install it, I would recommend using a tool like Mod Security. It’s basically an Apache module firewall that uses configurable rulesets to deny bad patterns of access behavior. But honestly, if you are having issues with .htaccess stuff like this Mod Security might be too intense to understand.
A better tact is to just prevent hot-linking via mod_rewrite tricks like this.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/angryman.gif [R,L]
Then again, reading your question I am not 100% sure what you want to achieve? Maybe mod_rewrite stuff like this can give you hints on how to approach the issue? Good luck!

Related

htaccess on one.com webspace

Recently I moved my websites to the hoster one.com. They have setup an automated mechanism (I dunno what they use to achieve that) to rewrite any first-level folder on the webspace to a subdomain.
I.e. the folder http://example.com/folder1/ will be also available as http://folder1.example.com/
Now, I have a site, that is using quite a lot javascript to include pages from a hardcoded, static source. Due to the SOP the scripts are working depending on which hardcoded reference they use.
So, to make sure that everybody gets a working version of the website, i wanted to redirect the direct folder access to the subdomain as well.
My htaccess for this - which is working localy and on various htaccess-testers out there - seems to be not working with one.com:
RewriteEngine On
#Rewrite Access to folder1-folder to subdomain.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} ^/folder1.*?$ [NC]
RewriteRule .* http://folder1.example.com/ [R=301,L]
Since I don't know the exact mechanism one.com is using to achieve the mentioned behaviour it might just be a conflict with my rules.
Support says, that all the used commands are fully supported, and therefore wasn't be able to tell what's going wrong...
Does anybody have encountered something similiar and has a hint for me?
just fiured out the solution:
RewriteEngine On #does not work
vs.
RewriteEngine on #does work
You need to check that the actual request was made for /folder/ and not the URI (which can internally be rewritten). Try:
#Rewrite Access to folder1-folder to subdomain.
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /+folder1/ [NC]
RewriteRule ^folder1/(.*)$ http://folder1.example.com/$1 [R=301,L]

Use .htaccess to load files from another folder

I have a good reason to do this. I feel this is the most cost effective way of providing an update.
This is my current url structure
/ <-- Contains Website
/cart
/cms
Boss wants the client to have an option to forego the website and instead load the cart in place of the website. The system is fairly old, the website and cart are completely different systems. We host a lot of websites from this single system. Configuring 2 systems for 2 different websites types will involve too much maintenence.
The least work solution would be to rewrite the /cart into /. I came up with the following.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cart/
RewriteCond %{REQUEST_URI} !^/cms/
RewriteRule ^(.*)$ cart/$1
This returns a server error. Adding /cart/$1 on the final line does work. I need this to work when the system isn't installed in the root directory. Does anyone know how to fix this?
You can use this rule:
RewriteEngine On
# Determine the RewriteBase automatically
RewriteCond %{REQUEST_URI}::$1 ^(.*?/)(.*)::\2$
RewriteRule ^(.*)$ - [E=BASE:%1]
RewriteCond %{REQUEST_URI} !/(cart|cms)/ [NC]
RewriteRule ^(.*)$ %{ENV:BASE}cart/$1 [L]

.htaccess Hotlink Disabling Not Working Correctly

I have the following snippet:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://%{SERVER_NAME}/
RewriteRule \.(js|css|png|jpg) - [R=404,L]
Simple and should work right? It seems to 404 the listed filetypes if I have referrers enabled on browser. Disabling referrers it then allows the files to be served. I have checked the value of %{SERVER_NAME} and it is www.mydomain.com I've tested this in multiple browsers and under HTTP and HTTPS, all have the same result. I used the below rewrite to check %{SERVER_NAME}'s value:
RewriteRule servername value_is_%{SERVER_NAME} [R=301,L]
The URL I get redirected to is then https://www.mydomain.com/value_is_www.mydomain.com
That being said the snippet should allow a referrer with that value or an empty one. But why is it being triggered? It's been driving me nuts for the past 2 hours, but it's 5am so I could be just crazy =o\ Thank you in advance, and I'm off to bed!
Problem is, you cannot use variables in conditional patterns (well, at least not until Apache 2.4) as the patterns are being precompiled during server startup.
For your particular problem, though, there's a simple workaround that you may use to mimic the condition:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{SERVER_NAME}%{HTTP_REFERER} !^(.*)https?://\1/
RewriteRule \.(js|css|png|jpg) - [R=404,L]
Yep, that's all. You cannot use variables but sure can use back-references.
Oh ... and btw. Apache 2.4 does ship with expressions that may be used instead of the conditional patterns:
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"

.htaccess redirect user upon specified HTTP HOST

Due to some internal problems and refusal from another part, I need a way to redirect ALL access from a specified domain. So far I've come up with the following:
RewriteCond %{HTTP_HOST} ^bad-domain.com [NC]
RewriteRule ^(.*)$ http://mydomain.com/bad-request.html
Which doesn't work. Worth noting is that I'm not good with rewrites, but I'm trying to learn.
I've sucessfully implemented this in PHP, but that requires the code in every project, which really isn't the way to go.
All suggestions, tips and answers are appreciated that puts me in the right direction.
I don't see a reason why this should not work. Please check these points again:
RewriteCond %{HTTP_HOST} ^bad-domain.com [NC,L]
RewriteRule ^(.*)$ http://mydomain.com/bad-request.html
As Alexander Støver pointed out:
RewriteEngine on
Then, if you put those rules in your servers configuration you have to restart the daemon. So probably something like
/etc/init.d/apache2 restart
Make sure you check the error logfile if the daemon complains about something. Should be something like this:
/var/log/apache2/error_log
or wherever you write your logs to.
If you put those rules into ".htaccess" files (why?) then make sure the server is actually configured to use those files and that you allow to override file paths:
AllowOverride: FileInfo
Use logging to debug the rewriting. There are two options for this provided by mod_rewrite:
RewriteLog
RewriteLogLevel
You also need to add a rule for images.
RewriteCond %{REMOTE_ADDR} !^187\.10\.226\.42
RewriteCond %{REQUEST_URI} !^/maintenance\.html$
RewriteCond %{REQUEST_FILENAME} !.(gif|jpe?g|png)$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/maintenance.html [R=307,L]

Ignore magento admin directory in GeoIP Htaccess Rewrite

I've got a magento install that is using the htaccess mod_geoip to redirect people from specific countries to other store fronts. It's working like a charm (after I got it to ignore javascript and skin files), but I'm going to be having someone from Australia input some orders into the backend of magento.
The issue is that they can't access the main backend at store/index.php/admin (they are rewritten to austore/index.php/admin) and when they go to put orders in, they are missing some integral components of the order process which I think is due to the url being rewritten to austore/index.php/admin. Wondering if there is a way that if the request uri is store/index.php/admin that they won't get rewritten. My code is below from my htaccess:
RewriteRule ^(skin|js) - [L,NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AQ|AU|MY|BV|BN|BN|MM|KH|CN|CX|CC|CK|GQ|FJ|PF|GU|GW|HM|HK|ID|KI|KR|KP|KR|LA|MO|MY|MH|FM|MM|NR|NC|PG|NZ|NU|NF|PG|CN|PH|PN|WS|SG|SB|KR|LK|BN|TW|TW|AU|TH|TL|TK|TO|TV|VU|VN|VN|WF)$
RewriteCond %{REQUEST_URI} ^/store(/.*)$ [NC]
RewriteRule ^ /austore%1 [L,R]
Thanks for the help!
Taken from this, http://www.sonassi.com/knowledge-base/magento-kb/secure-your-magento-admin/ you can use the same rewrite logic in what you want to do.
RewriteCond %{REQUEST_URI} !^/store/(index.php/)?(admin|custom_extensions_go_here)/ [NC]
RewriteCond %{REQUEST_URI} !^/store/downloader/ [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AQ|AU|MY|BV|BN|BN|MM|KH|CN|CX|CC|CK|GQ|FJ|PF|GU|GW|HM|HK|ID|KI|KR|KP|KR|LA|MO|MY|MH|FM|MM|NR|NC|PG|NZ|NU|NF|PG|CN|PH|PN|WS|SG|SB|KR|LK|BN|TW|TW|AU|TH|TL|TK|TO|TV|VU|VN|VN|WF)$
RewriteCond %{REQUEST_URI} ^/store(/.*)$ [NC]
RewriteRule ^ /austore%1 [L,R]
Just bear in mind, doing this through .htaccess could potentially cause some bizarre issues in the long run with 3rd party extensions, that have custom admin routes (that are not prefixed with /admin) break. So just be mindful of this.
I would advocate the use of a Magento extension (PHP based), mod_geoip store switcher - as then you can make it apply only to the frontend area of the Magento store (to prevent the potential errors I've described above)

Resources