Is it possible to do include rules from another htaccess file in .htaccess ?
.htaccess
RewriteEngine On
RewriteCond ...
RewriteRule ...
Include .htaccess1
.
.
Include .htaccess2
Doing this gives a 500. Include not allowed here
Is there a way to do this ? Because I need this pretty badly.
You can't include rules, statements, definitions, or directives from other files from an htaccess file. The Include directive can't be used inside an htaccess file. Part of the point of an htaccess file is to act similarly to a <Directory> block but be self contained and unable to access things outside of the directory itself (subdirectories are ok) but more specifically nothing outside of the document root. This way, someone doing malicious things won't be able to point requests or include files/content from other directories by hacking the htaccess file.
In the scope of mod_rewrite specifically, there are options for the RewriteOptions that allow inheriting rewrite rules from the htaccess file from a parent directory, but nothing to arbitrarily include rules from anywhere.
I know this may be a little late, but instead if you are attempting to implement an IP ban, or similar type of dynamic rule content, use the very last rule in your .htaccess file to point the request at a single .php or similar languaged script that performs this function (your single script can load the dynamic rules in your own format and make that same decision as Apache would have depending on what your actually trying to accomplish) then passes the request on to the actual page being requested. It adds a layer to the whole request processing, but gives the same dynamic function to all pages without the need to generate direct rules for the server and attempting to have Apache make the decisions for you.
Just thought I would add this thought for anyone else who may stumble across this post looking for something similar.
It is possible - in 2-3 steps...
Create your file of IPs to Deny. It could be a .php file, .txt file, even .csv file.
Create a .php (or language of your choice) script, which purpose is to output a file named ".htaccess".
Every time you update your file of IPs to Deny, run the said 2) .php script, and output a new .htaccess, to each of your Domains.
If you have statements in addition to IPs to Deny, hard code them in your .php script to output first. See https://www.askapache.com/htaccess/
The .php script could generically look like:
$output = "statement1".PHP_EOL;
$output .= "statement2".PHP_EOL;
$output .= "statement3".PHP_EOL;
...
Then, when you're ready for the DENY portion:
$denyList = file_get_contents("the/list/of/IPs.txt"); // or .php etc.
$ArrayDenyList = explode(PHP_EOL,$denyList); // or your line ending character, if necessary
foreach($ArrayDenyList as $key =>$value) {
$output .= 'Deny from '.$value.PHP_EOL;
}
Then write the file: (you probably have a standard way):
$handle = fopen(.htaccess,"w"); //complete path if in another domain
fwrite($handle,$output);
fclose($handle);
echo "Success - <p>";
If you have more than one Domain, then have an Array of those Domain name's path, and foreach that Array, and fwrite to each path.
If some Domains already have .htaccess requirements, put that in a readable .txt file... do a file_get_contents(on that), "output =" that, add the "Deny's, then "output .= ..." each in a "foreach()" loop.
Anyway... you've done all these things before... just apply each technique to this scenario.
An .htaccess file can't "include()" other files, but a .php script can, and .php scripts can output files named ".htaccess", that can be built by script.
The above method works, and I started doing it when I needed to create rows of "RewriteRule" for each of my catalog of products! Every time I add a new product, I run my script that outputs a fresh .htaccess file... built from my SQL table of products. Similar to my .php script that "fwrite"s my sitemap.xml.
(I hope no .php punctuation or "$"s got lost in this typing.)
You can create server side script like PHP ".htaccess.php" and inside put your includes. Of course, you must configure apache:
AccessFileName .htaccess.php
Related
I have these three links:
localhost/my_projects/my_website.php
localhost/my_projects/my_website.html
localhost/my_projects/my_website
The paths of the php and html files are as follows:
C:\xampp\htdocs\my_projects\my_website.php
C:\xampp\htdocs\my_projects\my_website.html
The link without an extension is "artificial" and I want to use said link:
localhost/my_projects/my_website
to get the contents of either of these links:
localhost/my_projects/my_website.php
localhost/my_projects/my_website.html
The reason for the two example files, instead of just one, is that I want to be able to switch between those two files when I edit the htaccess file. Obviously I only want to access one of those files at a time.
What do I need to have in my .htaccess file inside the my_projects folder to accomplish that? How can I make one specific link redirect to another specific link?
After reading your comment clarifying your folder structure I corrected the RewriteRule. (By the way, it would be best if you add that info to the question itself instead of in comments).
The url you want to target is: http://localhost/my_projects/my_website
http:// is the protocol
localhost is your domain (it could also be 127.0.0.1 or a domian name like www.example.com in the Internet)
I assume you are running Apache on port 80, otherwise in the url you need to also specify the port. For port 8086 for example it would be http://localhost:8086/my_projects/my_website.
The real path is htdocs/my_projects/my_website.php or htdocs/my_projects/my_website.html depending on your needs (obviously both won't work at the same time).
Here the my_projects in the "fake" url collides with the real folder "my_projects" so Apache will go for the folder and see there is no my_website (with no extension) document there (it won't reach the rewrite rules).
There is a question in SO that provides a work around for this, but it is not a perfect solution, it has edge cases where the url will still fail or make other urls fail. I had posted it yesterday, but I seem not to find it now.
The simple solution if you have the flexibility for doing it is to change the "fake" url for it not to collide with the real path.
One option is for example to replace the underscores with hyphens.
Then you would access the page as http://localhost/my-projects/my-website if you want to keep a sort of "fake" folder structure in the url. Otherwise you could simply use http://localhost/my-website.
Here are both alternatives:
# This is for the directory not to be shown. You can remove it if you don't mind that happening.
Options -Indexes
RewriteEngine On
#Rule for http://localhost/my-projects/my-website
RewriteRule ^my-projects/my-website(.+)?$ my_projects/my_website.php$1 [NC,L]
#Rule for http://localhost/my-website
RewriteRule ^my-website(.+)?$ my_projects/my_website.php$1 [NC,L]
(Don't use both, just choose one of these two, or use them to adapt it to your needs)
The first part the rewrite rule is the regular expression for your "fake" url, the second part is the relative path of your real folder structure upto the page you want to show.
In the regular expression we capture whatever what we assume to be possible query parameters after .../my_website, and paste it after my_website.php in the second part of the rule (the $1).
Later on if you want to point the url to my_website.html, you have to change the second part of the rule, where it says .php, replace it by .html.
By the way, it is perfectly valid and you'll see it in most SEO friendly web sites to write an url as http://www.somesite.com/some-page-locator, and have a rewrite rule that translates that url to a page on the website, which is what I had written in my first answer.
General Overview
I've been creating this really nice .htaccess file with a bunch of settings that work great so far. I am wondering if it is possible, now, to allow access to files through flat links only while denying access to the same files directly.
Explanation & Current Settings
To better present this question consider the following:
I have a file: i.e. myFile.php
Which is in a subfolder: i.e. my/path/to/file/
The file's full path would then be my/path/to/file/myFile.php
Accessing this file through a URL, one would write: my.domain.com/my/path/to/file/myFile.php
In my .htaccess file, I have written a rewrite rule, similar to the following line of code (preceded by some RewriteCond's that ensure conditions are met regarding the host and filenames respectively):
RewriteRule ^home$ \/my\/path\/to\/file\/myFile.php [NC,L]
This means that someone trying to get to my page my/path/to/file/myFile.php can simply write my.domain.com/home instead of the ugly path my.domain.com/my/path/to/file/myFile.php.
Question & Preferred Outcome
What I am asking is:
Is it possible to block access to myFile.php if a person or machine attempts to go to my.domain.com/my/path/to/file/myFile.php, all the while allowing access to the file through my.domain.com/home?
Any help regarding this is greatly appreciated
Is it possible to block access to myFile.php if a person or machine attempts to go to my.domain.com/my/path/to/file/myFile.php, all the while allowing access to the file through my.domain.com/home
Yes it is possible using THE_REQUEST variable, represents original request received by Apache from your browser and it doesn't get overwritten after execution of some rewrite rules.
You can use this rule to block direct access to that particular file:
RewriteCond %{THE_REQUEST} /my/path/to/file/myFile\.php[?/\s] [NC]
RewriteRule ^ - [F]
I have a PDF section that I want to give users the option to either view the file in their browser, or download it to their computer. I do not want to duplicate the files so have hit upon the idea of using a query string to tell the server the force the file to download, e.g.
FileName
In my .htaccess file for the pdfs folder, what do I need to put force the file to download if the query string is present?
What I have at the moment forces every pdf to download (instead of view):
<Files *.pdf>
ForceType applicaton/octet-stream
</Files>
You can do something like this with mod_rewrite:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^view=download$
RewriteRule .*\.pdf$ - [L,T=applicaton/octet-stream]
http://httpd.apache.org/docs/current/rewrite/flags.html#flag_t
P.S.
Depending on your rewrite logic (if you have any) you may need to remove the L, flag.
The above rule will work for URLs that end with .pdf and having view=download as query string EXACTLY. This means that it will work for example.com/some/file/here/hello.pdf?view=download but will not work for example.com/some/file/here/hello.pdf?view=download&var1=param1. To have it working for such scenario as well you will have to adjust the rule accordingly (but considering the URL examples you have provided in your Question, it should not happen).
I have an on-the-fly thumbnailing system and am trying to find the best way to make sure it's as fast as possible when serving up images. Here is the current flow:
User requests thumbnail thumbnails/this-is-the-image-name.gif?w=200&h=100&c=true
htaccess file uses modrewrite to send requests from this folder to a PHP file
PHP file checks file_exists() for the requested image based on the query string values
If it does:
header('content-type: image/jpeg');
echo file_get_contents($file_check_path);
die();
If it doesn't it creates the thumbnail and returns it.
My question is whether there is a way to optimize this into being faster? Ideally my htaccess file would do a file_exists and only send you to the PHP file when it doesn't... but since I am using query strings there is no way to build a dynamic URL to check. Is it worth switching from query strings to an actual file request and then doing the existence check in htaccess? Will that be any faster? I prefer the query string syntax, but currently all requests go to the PHP file which returns images whether they exist or not.
Thank you for any input in advance!
You should be able to do this in theory. The RewriteCond command has a flag -f which can be used to check for the existence of a file. You should be able to have a rule like this:
# If the file doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f
# off to PHP we go
RewriteRule (.*) your-code.php [L,QSA]
The twist here is that I imagine you're naming files according to the parameters that come in -- so the example above might be thumbnails/this-is-the-image-name-200-100.gif. If that is the case, you'll need to generate a filename to test on the fly, and check for that instead of the REQUEST_FILENAME -- the details of this are really specific to your setup. If you can, I would recommend some sort of system that doesn't involve too much effort. For example, you could store your thumbnails to the filesystem in a directory structure like /width/height/filename, which would be easier to check for in a rewrite rule than, modified-filename-width-height.gif.
If you haven't checked it out, Apache's mod_rewrite guide has a bunch of decent examples.
UPDATE: so, you'll actually need to check for the dynamic filename from the looks of it. I think that the easiest way to do something like this will be to stick the filename you generate into an environment variable, like this (I've borrowed from your other question to flesh this out):
# generate potential thumbnail filename
RewriteCond %{SCRIPT_FILENAME}%{QUERY_STRING} /([a-zA-Z0-9-]+).(jpg|gif|png)w=([0-9]+)&h=([0-9]+)(&c=(true|false))
# store it in a variable
RewriteRule .* - [E=thumbnail:%1-%2-%3-%4-%6.jpg]
# check to see if it exists
RewriteCond %{DOCUMENT_ROOT}/path/%{ENV:thumbnail} !-f
# off to PHP we go
RewriteRule (.*) thumbnail.php?file_name=%1&type=%2&w=%3&h=%4&c=%6 [L,QSA]
This is completely untested, and subject to not working for sure. I would recommend a couple other things:
Also, one huge recommendation I have for you is that if possible, turn on logging and set RewriteLogLevel to a high level. The log for rewrite rules can be pretty convoluted, but definitely gives you an idea of what is going on. You need server access to do this -- you can't put the logging config in an .htaccess file if I recall.
I want to redirect every post 301 redirect, but I have over 3000 posts.
If I list
Redirect permanent /blog/2010/07/post.html http://new.blog.com/2010/07/23/post/
Redirect permanent /blog/2010/07/post1.html http://new.blog.com/2010/07/24/post1/
Redirect permanent /blog/2010/07/post2.html http://new.blog.com/2010/07/25/post2/
Redirect permanent /blog/2010/07/post3.html http://new.blog.com/2010/07/26/post3/
Redirect per......
for over 3000 url redirect command in .htaccess would this eat my server resource or cause some problem? Im not sure how .htaccess work but if the server is looking at these lists each time user requests for page, I would guess it will be a resource hog.
I can't use RedirectMatch because I added date variable in my new url. Do you have any other suggestions redirecting these posts? Or am I just fine?
Thanks!
I am not an Apache expert, so I cannot speak to whether or not having 3,000 redirects in .htaccess is a problem (though my gut tells me it probably is a bad idea). However, as a simpler solution to your problem, why not use mod_rewrite to do your redirects?
RewriteRule ^/blog/(.+)/(.+)/(.+).html$ http://new.blog.com/$1/$2/$3/ [R=permanent]
This uses a regex to match old URLs and rewrite them to new ones. The [R=permanent] instructs mod_rewrite to issue a 301 with the new URL instead of silently rewriting the request internally.
In your example, it looks like you've added the day of the post to the URL, which does not exist in the old URL. Since you obviously cannot use a regexp to divine the day an arbitrary post was made, this method may not work for you. If you can drop the day from the URL, then you're good to go.
Edit: The first time I read your question, I missed the last paragraph. ("I can't use RedirectMatch because I added date variable in my new url.") In this case, you can use mod_rewrite's RewriteMap to lookup the day component of a post.
You have two options:
Use a hashmap to perform fast lookups in a static file. This means all your old URLs will work, but any new posts cannot be accessed using the old URL scheme.
Use a script to grab the day.
In option one, create a file called posts.txt and put:
/yyyy/mm/pppp dd
...for each post where yyyy is the year of the post, mm is the month, and pppp is the post name (without the .html).
When you're done, run:
$ httxt2dbm -i posts.txt -o posts.map
Then we add to to the server/virtual server config: (Note the path is a filesystem path, not a URL.)
RewriteMap postday dbm:/path/to/file/posts.map
RewriteRule ^/blog/(.+)/(.+)/(.+).html$ http://new.blog.com/$1/$2/${postday:$1/$2/$3}/$3/ [R=permanent]
In option two, use pgm:/path/to/script/lookup.whatever as your RewriteMap. See the mod_rewrite documentation for more info about using a script.
Doing the lookup in mod_rewrite is better than just redirecting to a script which looks up the date and then redirects to the final destination because you should never redirect more than once. Issuing a 301 or 302 incurs a round trip cost, which increases the latency of your page load time.
If you have some way in code to determine the day of a post, you can generate the rewrite on the fly. You can setup a mod_rewrite pattern, something like .html and set up a front controller pattern to calculate the new url from the old and issue the 301 header.
With php as an example:
$_SERVER['REQUEST_URI']
will contain the requested url and
header("Location: http://new.blog.com/$y/$m/$d/$title/",TRUE,301);
will send a redirect.
That's... a lot of redirects. But the first thing I would tell you, and probably the only thing I can tell you without qualification, is that you should run some tests and see what the access times for your blog are like, and also look at the server's CPU and memory usage while you're doing it. If they're fairly low even with that giant list of redirects, you're okay as long as your blog doesn't experience a sudden increase in traffic. (I strongly suspect the 3000 rewrites will be slowing Apache down a lot, though)
That being said, I would second josh's suggestion of replacing the redirects with something dynamic. Like animuson said, if you're willing to drop the day from the URL, it'll be easy to set up a RewriteRule directive to handle the redirection. Otherwise, you could do it with a PHP script, or generally some code in whatever scripting language you (can) use. If you're using one of the popular blog engines, it probably contains code to do this already. Basically you could do something like
RewriteRule .* /blog/index.php
and just let the PHP script sort out which post was requested. It has access to the database so it'll be able to do that, and then you can either display the post directly from the PHP script, or to recover your original redirection behavior, you can send a Location header with the correct URL.
An alternative would be to use RewriteMap, which lets you write a RewriteRule where the target is determined by a program or file of your choice instead of being directly specified in the configuration file. As one option, you can specify a text file that contains the old and new URLs, and Apache will handle searching the file for the appropriate line for any given request. Read the documentation (linked above) for the full details. I will mention that this isn't used very often, and I'm not sure how much faster it would be compared to just having 3000 redirects.
Last tip: Apache can be significantly faster if you're able to move the configuration directives (like Redirect) into the server or virtual host configuration file, and disable reading of .htaccess entirely. I would guess that moving 3000 directives from .htaccess into the virtual host configuration could make your server considerably faster. But even moving the directives into the vhost config file probably wouldn't produce as much of a speedup as using a single RewriteRule.
It's never a good idea to make a massive list of Redirects. A better programming technique is to simply redirect the pages without that date variable then have a small PHP snippet that detects if it's missing and redirects to the URL with it included. The long list looks tacky and slows down Apache because it's checking that URL (any every other URL that might not even be affected by this) against each line. If it were only 5 or so, I'd say fine, but 3,000 is a definite NO.
Although I'm not a big fan of this method, a better choice would be to redirect all those URLs normally using a single match statement, redirecting them to the page without the date part, or with a dash or something, then include a small PHP snippet to check if the date is valid and if not, rewrite the path again to the correctly formed URL.
Honestly, if you didn't have that part there before, you don't need it now, and it will probably just confuse the search engines changing the URL for 3,000 posts. You don't really need a date in the URL, a good title is much more meaningful not only to users, but also to search engines, than a bunch of numbers.