deny files without extension with .htaccess - .htaccess

my server was hacked and somebody placed files without a file extension.
how can I deny access to those files with .htaccess?
and does it even make sense?

does it even make sense?
No. First, you need to figure out how your server was hacked, and fix that. Second, if you have all these files being served from within your document root you need to remove them. If it's a matter of you not knowing what's been changed, then you need to revert to a backup, or go through file per file your entire site and purge the files that don't belong there and check the files that should be there that they've not been modified.
But if you still want to try to use rewrite rules, for the sake of the exercise, to prevent access to files without an extension, you'd want something like this:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (^|/)([^/.]+)$ - [L,F]
Note that if your server got hacked, they can easily change your htaccess file.

Related

.htaccess redirect a fake directory to an actual directory

I've seen many examples of using .htaccess, but I couldn't find this one. I am currently using WHMCS, and I want to be able to have a fake admin directory to use as a decoy, but as soon as the system recognizes that there is an admin directory, it will no longer let me access the actual administrator directory. (Ensuring a user properly upgraded).
I am trying to make a rule that will redirect something like example.com/admin to example.com/fakeadmin, where fakeadmin is the real directory. So far, I did:
RewriteRule ^admin$ /fakeadmin/$1 [L,NC]
This works if I access example.com/admin, but I need it so that it would work for example.com/admin/folder1, and so on.
Basically, creating a fake "duplicate" of a directory with htaccess.
Thanks.
You have the $1 in your rule but you aren't using a capture group, so that won't do anything. You are basically just telling it to only match on admin. You can do something like this.
RewriteRule ^admin/?(.*)/?$ /fakeadmin/$1 [L,NC]

Clean URL rewriting rule

right now my url looks like this:
http://domain.com/en/c/product%2C-product2%2C-product3/82
where last number is category numer.
And im trying to rewrite it and redirect user to url which should look this one:
http://domain.com/82/product-product2-product3
The clue is I want to hide "en/c/" part and clean url from commas and blank spaces. I'm completely green in rewriting.
Any ideas?
You can use these 2 rules in your root .htaccess for that:
RewriteEngine On
RewriteBase /
RewriteRule ^en/c/([^,\s]*)[,\s]+([^,\s]*)/(\d+)/?$ $3/$1$2 [NC,L,NE,R=302]
RewriteRule ^(en/c)/([^,\s]*)[,\s]+(.*)/(\d+)/?$ $1/$2$3/$4 [NC,L]
In order for this to work, we need to tell the server to internally redirect all requests for the URL "url1" to "url2.php". We want this to happen internally, because we don't want the URL in the browser's address bar to change.
To accomplish this, we need to first create a text document called ".htaccess" to contain our rules. It must be named exactly that (not ".htaccess.txt" or "rules.htaccess"). This would be placed in the root directory of the server (the same folder as "url2.php" in our example). There may already be an .htaccess file there, in which case we should edit that rather than overwrite it.
The .htaccess file is a configuration file for the server. If there are errors in the file, the server will display an error message (usually with an error code of "500").
If you are transferring the file to the server using FTP, you must make sure it is transferred using the ASCII mode, rather than BINARY. We use this file to perform 2 simple tasks in this instance - first, to tell Apache to turn on the rewrite engine, and second, to tell apache what rewriting rule we want it to use. We need to add the following to the file:
RewriteEngine On # Turn on the rewriting engine
RewriteRule ^url1/?$ url2.php [NC,L] # Handle requests for "url1"

CodeIgniter: js and css files inside "application" folder. How to do?

I just installed CodeIgniter 3 and it seems that JS,CSS and images should be placed OUTSIDE Application folder. If not, link to those files does not run.
For many reasons I would like to have these kind of files inside application/views folder. I think that I should correctly set .htaccess file, but I would also like to "lower my defenses less possible".
What do you suggest?
All you need to do is in the application folder .htaccss change deny all to allow all and then make sure you auto load url helper and the call your folder from where ever you want.
Update you could try this code in application/.htaccess
RewriteEngine on
RewriteCond $1 !^(index\.php|assets|assets/css|assets/js|assets/ficheros|assets/img|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L]
rename assets folder to what you want if using xampp/wampp etc do not for get to stop and then restart it. Of course when paste code do not for get to remove the deny all.
Its simple, just delete the contens inside the .htaccess file. It worked for me.

How to change base_url in drupal 7, fail to find answer online

I am trying to change base_url on my drupal 7 website, but failed to do it and google a lot, still could not solve it .
I am running localhost/drupal "on my local server. but I want to run it like
" localhost ". ( sorry I have to get rid of http://, otherwise it doesnot let me post)
How to get rid of folder in the url. I know I need to change $base_url on sites/default/setting.php to
$base_url = 'localhost'; // NO trailing slash! ( sorry I have to get rid of http://, otherwise it doesnot let me post)
And in the .htaccess file I am so confused what should I change. People online have their own solution, some said they work , some could not . Could someone give me some suggesttion ?
I assume this has to do with where you have placed your files.
In your file system, remove the 'drupal' directory and place all the files within that at /var/www/html ... instead of /var/www/html/drupal, if that's how it is currently set up.
I feel your pain; I've had this trouble myself before and I believe I had to alter both the settings.php and the htaccess (but try one at a time to begin with). I'm fairly sure that the section below in your .htaccess is what needs changing (just remove the hash from in front of the RewriteBase line). If you're unsure of what you're doing, make a copy of your .htaccess as htaccess.txt and then you can always switch back over if things get nasty.
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
I just realised that what you need is a re-write rule in an .htaccess file within your root folder (not the one that's inside the drupal folder). First, undo any edits you've already made, then create an .htaccess file in the same folder that contains your drupal folder and in it, add:
RewriteEngine On
RewriteRule ^$ /drupal [L]
That should send any traffic from the root into the drupal file structure. If you get issues with strange css, or urls that include the /drupal path, you'll need to revisit the other options in the /drupal/.htaccess file and your settings.php file in order to get it all working correctly.
However, going down this route, you may as well just copy all the files and folders into the root directory anyway (as the first answer suggested), assuming you're not going to be running multiple sites. If you do want to be testing multiple sites, you can just change the RewriteRul above to whatever site directory you're wanting to test in future.

simple .htaccess rewrite URL to different directory on same server

Ok, I'm clueless here...
I need to rewrite a directory structure and all sub-directories within it to a directory within the same server, but a root that is before the directory.
For example:
http://www.mydomain.com/Themes/default/css/folder
and all directories called upon after folder. Such as folder/sub_folder or folder/afolder/anotherfolder, it needs to include ALL sub-directories within the folder directory.
should be redirected to this:
http://www.mydomain.com
How do I do this via a .htaccess file within the folder path http://www.mydomain.com/Themes/default/css/folder?
Please someone help.
Thanks guys :)
The files within the directory structure still need to be accessible for that structure when called via PHP, but I don't want people being able to browse to http://www.mydomain.com/Themes/default/css/folder and be shown all subdirectories within that folderpath and/or all files. Same thing for all sub-directories that follow that folder path.
I'd like to be able to place the .htaccess file within the http://www.mydomain.com/Themes/default/css/folder directory on the server, but don't know exactly what code to use for this.
ALSO, even more challenging... The domain name can change, so I'd rather not use the domain name within the .htaccess file, instead perhaps use .. or . to go up a directory or a different method of grabbing the domain name within the .htaccess file.
Create a .htaccess file in /Themes/default/css/folder and place these lines there (it requires mod_rewrite):
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ http://%{HTTP_HOST}/ [R=301,L]
It will redirect (301 Permanent Redirect) all requests to a folder to a homepage. If file is requested, it will allow it.
If you want to have it working for folders as well as files then remove the RewriteCond line -- it will redirect ALL requests (even for non-existing URLs) to a homepage.
If you will see "500 Internal Server Error" after creating such file, then it is your server configuration: mod_rewrite may not be enabled or it's directives (RewriteRule, RewriteCond, RewriteEngine) are not allowed to be placed in .htaccess. In any case -- check Apache's error log for exact error message (it will give you the exact reason).
http://www.besthostratings.com/articles/prevent-directory-listing.html
IndexIgnore *

Resources