URL rewriting: non-redirect but changing url - .htaccess

I have configured my .htaccess file for url rewriting.
I'm just using the [L] flag, no [R] flag for a rule.
When I'm testing it in my browser, the page is called but... with the parameter url appearing. This is what I don't want, of course.
My .htaccess file:
RewriteEngine on
RewriteRule ^testing/([0-9a-zA-z_-]+)/([0-9a-zA-z_-]+)$ http://localhost/testing/index.php?a=$1&b=$2 [L]
Is it because I'm testing it on a localhost?

When you use a URL with a FQDN then it automatically redirects, simply because in order to internally rewrite the URI to http://localhost/... the handler at the end of the URL-file mapping processing pipeline redirects (with a 302) anyways. You either need to pick the local path for the target or if it's in a different place than the server/vhost that is processing the request, use the P flag:
Pointing to a local URI of the server/vhost:
RewriteRule ^testing/([0-9a-zA-z_-]+)/([0-9a-zA-z_-]+)$ /testing/index.php?a=$1&b=$2 [L]
Using the P flag to proxy the request:
RewriteRule ^testing/([0-9a-zA-z_-]+)/([0-9a-zA-z_-]+)$ http://localhost/testing/index.php?a=$1&b=$2 [L,P]

Related

Restrict access to TYPO3 backend via .htaccess

I'm trying to restrict access to the TYPO3 backend and the install tool. Beacause of that, the IPMaskList isn't the best thing to do so. I tried an .htaccess file in the /typo3 directory and it worked quite well to certain point. The following code was used to accomplish that:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !=<my_ip>
RewriteRule ^(.*)$ https://example.com [R=301]
Only the computer with the listed ip can access the index.php or install.php, which is very good. But as soon as I click the login button, and the URL changes to https://example.com/typo3/login?loginProvider=1433416747, it throws a 404 error. First, I thought it was the configured IP, as the server is requesting a page, and not my computer, but I don't know how to implement that.
The problem might just be that you are missing the L flag on the RewriteRule. The missing L flag will cause processing to continue through the remaining directives which probably includes a front-controller pattern. Typo3 then generates a 404 because https://example.com is not a valid "Typo3" URL.
But also...
First, I thought it was the configured ip, as the server is requesting a page, and not my computer,
If the server itself is also making an HTTP request (although not sure why) then you will also need to permit the server's IP address in your rule. For example:
RewriteCond %{REMOTE_ADDR} !=<my_ip>
RewriteCond %{REMOTE_ADDR} !=<server_ip>
RewriteRule ^ https://example.com/ [R=301,L]
Additional changes:
Missing L flag. (Mentioned above)
Missing trailing slash after the hostname (the browser "corrects" it).
No point capturing the URL-path in the RewriteRule pattern.
Although if you simply ant to restrict access then why not serve a "403 Forbidden" instead. Change the RewriteRule accordingly:
:
RewriteRule ^ - [F]
(L flag not required here.)
UPDATE:
No, by default there's no .htaccess in that dir, only the one in the root dir. Only with a .htaccess in the typo3 dir it's resulting in a 404. That's my only content in this particular .htaccess.
By enabling the rewrite engine in the subdirectory then it's going to completely override any mod_rewrite directives in the parent .htaccess file (by default), regardless of whether you are accessing the site by your IP or not. It would seem there are mod_rewrite directives in the parent/root .htaccess file that are required for your Typo3 installation to function (a front-controller pattern perhaps). (I had assumed these were all in the /typo3/.htaccess file.)
There are two solutions:
Move the above rule to the top of the root .htaccess file, adjusting accordingly. And delete the /typo3/.htaccess file. For example:
# In the root ".htaccess" file
RewriteCond %{REMOTE_ADDR} !=<my_ip>
RewriteRule ^typo3(/|$) - [F]
OR
Don't use mod_rewrite to block the request. For example, use an Apache expression with mod_authz_core instead. For example:
# In the "/typo3/.htaccess" file
<If "! -R '<my_ip>'">
Require all denied
</If>

How to Rewrite Rule for folder permission error?

I have assets[/admin/assets] directory which I restricted access from browser.
So whenever user requested on [/admin/assets] , I want to rewrite rule to [admin/index.html].
I tried with below setting , but this doesn't rewrite to expected path but show permission access error with 403.
RewriteRule /assets /index.html [L]
I have one solution for that by handling ErrorDocument. But I don't prefer it that way, I want to handle by RewriteRule .
This can be achieved using the mod_rewrite module in Apache web server. You can add the following code in your .htaccess file or server configuration file to rewrite the URL:
RewriteEngine on
RewriteCond %{REQUEST_URI} /assets
RewriteRule ^assets/(.*)$ /admin/index.html [L]
The RewriteEngine directive turns on the rewriting engine.
The RewriteCond directive specifies a condition that must be met before the RewriteRule is applied. In this case, the condition checks if the requested URL starts with "/assets".
The RewriteRule directive specifies the actual URL rewriting. The pattern "^assets/(.)$" matches any URL that starts with "/assets/", and captures the rest of the URL into a group (.). The URL is then rewritten to "/admin/index.html". The [L] flag specifies that this is the last rule to be applied, so no further rewriting should take place.
I set by Directory module with Require All Denied
You can't block access and rewrite the request. The <Directory> container will take priority. (But there's no point blocking the request when you want to rewrite it. You are essentially blocking it by rewriting.)
Remove the <Directory> block and directly inside the <VirtualHost> container (outside of any <Directory> section) use mod_rewrite:
RewriteEngine On
RewriteRule ^/admin/assets($|/) /admin/index.html [L]
Any requests to /admin/assets or /admin/assets/<anything> are internally rewritten to /admin/index.html.

Redirect all URLS to new URL EXCEPT for /backend/ with .htaccess

I want to redirect all incoming queries to a new domain, except for /backend
I have this in my .htaccess, everything works, except for the /backend. I tried a few combinations, it just doesnt work.
I fear /backend is a virtual address....
what can i do?
HERE IS THE CODE:
RewriteCond %{HTTP_HOST} ^example.de$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.de$
RewriteCond %{REQUEST_URI} !^/backend/$
RewriteRule (.*)$ https://www.bing.de/ [R=302,L]
PLEASE HELP. Thank you. Patrick
I fear /backend is a virtual address....
In which case you most probably have other mod_rewrite directives that rewrite the request to a front-controller (such as index.php) - and that's the problem. Whilst your existing rule includes an exception for /backend/ (the originally requested URL), so the rule is skipped on the first pass by the rewrite engine, once the request is rewritten to the front-controller (eg. index.php) the rewrite engine begins a 2nd pass which results in the rule being successfully executed since the URL is now /index.php (or whatever your front-controller is) and not /backend/.
You either need to:
modify the other directives that rewrite the request to the front-controller, so as not to trigger a 2nd pass through the rewrite engine. (You've not included your complete .htaccess file, so I'll discount this approach for now.)
OR, make sure you only examine the originally requested URL and not the rewritten URL. (The REQUEST_URI server variable is modified as the request is rewritten.)
However, I would assume that your /backend/ page also links to static assets (such as images, CSS, JS)? In which case, you also need to make exceptions for any additional static assets that are used by the page, otherwise these will also be redirected. For the sake of this example, I will assume all you static assets are located in an /assets subdirectory.
Try the following instead, near the top of your root .htaccess file:
RewriteCond %{HTTP_HOST} ^(www\.)?example\.de [NC]
RewriteCond %{THE_REQUEST} !\s/backend/\s
RewriteRule !^assets/ https://www.bing.de/ [R=302,L]
Note that this rule must go before the rewrite to the front-controller.
The THE_REQUEST server variable contains the first line of the HTTP request headers and importantly, does not change as the request is rewritten. This contains a string of the form GET /backend/ HTTP/1.1 (containing the request method, URL and protocol).
If there are no external assets then change the RewriteRule pattern from !^assets/ to simply ^, to match everything.

Redirect all URLs starting with https:// to same URLs starting with http://

I've been looking for this solution but can't get it anywhere.
I have a website (shop) with SSL set up on it, working fine except in the area where customers would get an URL to the file they just purchased.
So, my working url to a download file should look something like this:
https://www.mywebsite.com/index.php?eddfile=123456etc
But the files only work if you browse them without HTTPS prefix:
http://www.mywebsite.com/index.php?eddfile=123456etc
So what I need is just to remove the https from these URLs that start with:
https://www.mywebsite.com/index.php?eddfile
And redirect them to the same URLs but without https prefix rather with regular prefix:
http://www.mywebsite.com/index.php?eddfile
Note: this is not a regular https to http (or vice versa) redirection for which I found answers here - Although this should be a simple .htaccess redirection, I need to make sure that this only happens to the urls that are beginning as described above
I tried to do something like this:
RewriteEngine On
RewriteCond %{REQUEST_URI} eddfile
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]]
But no success with that
As Martin suggests in comments, the real solution would be to fix why your HTTPS URL does "not work". (But also, why not just link directly to the HTTP URL if that "works"?)
Anyway, to answer your specific question... try the following near the top of your .htaccess file instead:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} ^eddfile=.
RewriteRule ^index\.php$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
This is only a "temporary" (302) redirect, since this is only a "temporary" fix.
eddfile is part of the query string, not the URL-path. The query string is automatically passed through to the substitution, providing you don't provide a query string.
Since you say the HTTP URL "works" then I assume you don't have an HTTP to HTTPS redirect?? Otherwise, you would need to include an exception with this redirect in order to avoid a redirect loop.

htaccess redirect if url contains word on changed url

If my url will like this:
http://id.factor.ua/bez-rubriki/checkout/?price=...
And url will contains bez-rubriki
How I can redirect using .htaccess to this url BUT without this slug, like next URL:
http://id.factor.ua/checkout/?price=...
As simple as this for an internal rewrite:
RewriteEngine on
RewriteRule ^bez-rubriki/checkout/$ /checkout/ [L,QSA]
For an external redirection add the R flag:
RewriteEngine on
RewriteRule ^bez-rubriki/checkout/$ /checkout/ [R=301,L,QSA]
The above are the versions to be used inside .htaccess style files.
A general note: if you have control over the http server configuration, then you should always prefer to place such rules inside the host configuration instead of using .htaccess style files. Those files are notoriously error prone, make things complex, are hard to debug and really slow the server down. They should only be used if there is no control of the http server configuration or if some app requires dynamic changes to the configuration.
So in case you want to place those rules in the host configuration you need a small modification. You have to include the leading slash (/) into the regex testing the request path:
RewriteEngine on
RewriteRule ^/bez-rubriki/checkout/$ /checkout/ [L,QSA]
And the version doing an external redirection:
RewriteEngine on
RewriteRule ^/bez-rubriki/checkout/$ /checkout/ [R=301,L,QSA]

Resources