Htaccess to use the hosting for live testing - security

I would use the hosting for live testing, but I want to protect access and prevent search engine indexing.
For example (server directory structure) within public_html:
_private
_bin
_cnf
_log
_ ... (more default directories hosting)
testpublic
css
images
index.html
I want index.html is visibile to everyone and all other directories (except "testpublic") are hidden, protected access and search engines not to index.
The directory "testpublic" I wish it was public but may not be indexed in search engines, not sure if this is possible.
To do understand that I need 2 files .htaccess.
One general in "public_html" and other specific for "testpublic".
The .htaccess general (public_html) I think it should be something like:
AuthUserFile /home/folder../.htpasswd
AuthName "test!"
AuthType Basic
require user admin123
< FilesMatch "index.html">
Satisfy Any
< / FilesMatch>
Can anyone help me create the files with the appropriate properties? Thank you!

You can use a robots.txt file in your root folder. All standards-abiding robots will obey this file and not index your files and folders.
Example Robots.txt that tells all (*) crawlers to move on and index nothing.
User-agent: *
Disallow: /
You could use .htaccess files to fine tune what your server (assuming Apache) serves out and what directory indexes are visible. In which case you would add
IndexIgnore *
To your .htaccess file to disallow indexes.
Updated (Credit to https://stackoverflow.com/users/1714715/samuel-cook):
If you want to specifically stop a bot/crawler and know its USER AGENT string you can do so in your .htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} Googlebot
RewriteRule ^.* - [F,L]
</IfModule>
Hope this helps.

Related

htaccess rule to show my website under a specific path when accessing root domain URL

I have my website inside the following path on my remote web hosting server:
~/public_html/website/app
and need to find a way to show it when typing:
mydomain.com
so without the need of typing the full path:
mydomain.com/website/app/
One solution that came to my mind was to create a index.php file inside my root folder to automatically redirect to ./website/app/:
<?php
header('Location: ./website/app/');
exit;
but then I need to rewrite the URL in order to go from:
mydomain.com/website/app/
to:
mydomain.com
and I did not find a way to do that!
So, what do you think I should do to obtain that result and show my website under /website/app/ when accessing:
mydomain.com
and do not show the /website/app/ folder names?
Thanks a lot!
edit:
I was forgetting that I also have the website/server path so I need a rule that keeps valid the requests containing mydomain.com/website/server/.
Plus, I cannot use:
Options +FollowSymLinks
on my hosting (for security reasons), it's overridden by:
Options +SymLinksIfOwnerMatch
You have two options to do that.
If you just want to show the /website/app directory for your root url / then you can use DirectoryIndex directive .
DirectoryIndex website/app
This will show you the index file from /website/app folder if you visit the your root URI ie : example.com/ .
If you want to server files and directories from the /website/app instead of the / folder then you can use a RewriteRule that rewrites your root level requests to the subfolders .
RewriteEngine on
RewriteRule !website/app /website/app℅{REQUEST_URI} [L]

.htaccess rule to skip folder name from entire urls

My project name is funfeesa and all client side pages are contains in "client" folder. But I want to access then without to write client folder in the url.
just like below:
localhost/funfeesa/index.php
I have tried many rules in .htaccess file but nothing is working fine.
can anyone help me?
#prevent directory listing
Options -Indexes
IndexIgnore */*
#follow symbolic links
Options FollowSymlinks
RewriteEngine on
RewriteRule ^funfeesa/index.php(.+)?$ funfeesa/client/index.php/$1
Try to access your .htaccess file as above
Still if it doesn't work try by removing index.php from above rules but I think It should work :)

htaccess contact form upload folder - how to hide it

I have got a contact form on my website with file attachment as well, that has been restricted only to pictures. Although if I type in example.com/uploads/ all the files are accessible by anyone. Is htaccess the best way to hide it? Also how could I do that in a safe manner, without messing up the contact form?
I have tried this, but it blocks the whole website
deny from all
<Files ~ “^w+.(gif|jpe?g|png)$”>
order deny,allow
allow from all
</Files>
if I type in example.com/uploads/ all the files are accessible
You mean you get a directory listing? This can be disabled in .htaccess:
Options -Indexes
To actively block all HTTP requests for files in the /uploads directory (since you state in comments that these are only ever accessed over FTP) then all you need is (in your root .htaccess file):
RewriteEngine On
RewriteRule ^uploads - [F]
This will respond with a 403 Forbidden for all requests that start /uploads.
Just to block access to example.com/uploads/ you can place this rule in /uploads/.htaccess:
RewriteEngine On
RewriteRule ^/?$ - [F]

Best approach, htaccess file fallback in another folder

I'm looking to centralise the resources of a number of small websites in one hosting account.
The main resources for each site will be in one core folder, however each site should be able to overide the core if needed.
So I'm trying to get htaccess redirection to first look in the local folder for requested files, then fall back to the resources folder if the file is not present.... I'm tying myself in knots!
I know how to do basic redirects and have been reading through various tuts, but think I'm getting the syntax wrong. I was also looking at the fallbackresource directive, but I don't think this is meant for this scenario.
I tried something along these lines but it didn't seem to work, and obviously it is only aimed at the img folder - I'm guessing I need some wildcards in there to cover all bases:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^img/(.*) http://domain.com/resources/img/$1 [R=301,L]
</IfModule>
Any pointers in the right direction would be very much appreciated! This is a very basic illustration of my intended structure:
.htaccess
|
|-/Resources
|-/img
|-img1.jpg
|-/styles
|-style.css
|-/cms
|-core.php
|
|-/Site1
|-index.php
|-page2.php
|-/img
|-/styles
|-/cms
|
|-/Site2
|-index.php
|-page2.php
|-/img
|-/styles
|-style.css [local override file]
|-/cms

Deny access to subdirectories using htaccess

Consider these files structures on web root directory :
files/1/1.jpg
files/1/2.jpg
files/2/1.jpg
files/2/3.jpg
files/3/6.jpg
files/3/8.jpg
files/4/1.jpg
I want to deny access to files inside folder 2 and 3 using htaccess file that exists in web root directory. I try but nothing happend. Here's the code I used:
<FilesMatch "(2|3)\/*$" >
Order deny,allow
Deny from all
</FilesMatch>
Would you correct my mistake?
Thank you.
If your htaccess file is in your web root, and the files directory is also in the web root, you won't be able to match against files in another (sub)directory. You can either try putting the <FilesMatch> in an htaccess file in the files directory, or you can use mod_rewrite in the htaccess file in your web root:
RewriteEngine On
RewriteRule ^files/(2|3)/ - [F,L]
For optimal performance using htaccess, you should create a .htaccess file in each of the directories you want to protect:
Order deny,allow
Deny from all

Resources