htaccess only accept traffic from specific http_referer - .htaccess

I'm trying to set up a htaccess file that would accomplish the following:
Only allow my website to be viewed if the viewing user is coming from a specific domain (link)
So, for instance. I have a domain called. protect.mydomain.com . I only want people coming from a link on unprotected.mydomain.com to be able to access protect.mydomain.com.
The big outstanding issue I have is that if you get to protect.mydomain.com from unprotected.mydomain.com and click on a link in the protect.mydomain.com that goes to another page under protect.mydomain.com then I get sent back to my redirect because the http_referer is protect.mydomain.com . So to combat that I put in a check to allow the referrer to be protect.mydomain.com as well. It's not working and access is allowed from everywhere. Here is my htaccess file. (All this is under https)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} ^https://(.+\.)*mydomain\.com
RewriteCond %1 !^(protect|unprotected)\.$
RewriteRule ^.*$ https://unprotected.mydomain.com/ [R=301,L]

You are matching your referer against ^https://(.+\.)*mydomain\.com. Which means if some completely other site, say http://stealing_your_images.com/ links to something on protect.mydomain.com, the first condition will fail, thus the request is never redirected to https://unprotected.mydomain.com/. You want to approach it from the other direction, only allow certain referers to pass through, then redirect everything else:
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^https://(protect|unprotected)\.mydomain\.com
RewriteRule ^ - [L]
# redirect everything else
RewriteRule ^ https://unprotected.mydomain.com/ [R,L]

Related

Redirect all subdomains and subdirectories to index page using .htaccess

I have a Detroit iOS & Android Mobile App Development website that only has one web page : index.html.
The source code of the site is here.
Instead of showing a 404 error page, I want to redirect the user to thefirstprototype.com if they try to go anywhere else or try to put anything after.
For eg:
mail.thefirstprototype.com takes the user to just thefirstprototype.com
thefirstprototype.com/mail takes the user to just thefirstprototype.com
I know it's possible to do it using a .htaccess in the root folder, but I am just not sure how. There are a lot of tutorials showing how to do it between different domains, but nothing to my specific case. How do I do it?
Thanks
Edit1: Please note that I am not using any CMS like Wordpress. I am just plain FTP to push a static HTML, CSS, JS webpage to the hosting server
Try the following:
DirectoryIndex index.html
RewriteEngine On
# Redirect non-canonical hostnames (eg. mail)
RewriteCond %{HTTP_HOST} !^example\.com$
RewriteRule ^ http://example.com/ [R=302,L]
# Redirect 404 to root
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . / [R=302,L]
However, whether this catches requests for the mail. subdomain will depend on whether that subdomain points to the same place as your main domain. (For cPanel shared hosting, that is not necessarily the case.)
Change the 302 (temporary) redirect to 301 only once you have tested that this works OK - to avoid potential caching issues associated with 301 (permanent) redirects.
As an added bonus, you could redirect any direct requests for index.html back to the root. For example, add the following between the above two rule blocks:
# Remove "index.html" if requested directly
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.html$ / [R=302,L]
The condition that checks against the REDIRECT_STATUS environment variable is to ensure we don't get a redirect-loop since mod_dir internally rewrites the request to index.html.

.htaccess Redirect from sub.domain.com.au* to www.domain.com.au/URL

I am attempting to redirect a development site that has been indexed by search engines to a specific category in the new live site.
The development site URL was:
http://staging.mydomain.com.au/
There are multiple page url's after the domain so I'd like to redirect all of these to the same new URL.
E.g.
http://staging.mydomain.com.au/essential_grid/
http://staging.mydomain.com.au/feed/
The new url is, where "/portfolio/" is where I need the old URLs redirected to:
http:www.mydomain.com.au/portfolio/
While I'm not receiving any error messages, staging.mydomain.com.au is
not redirecting to www.mydomain.com.au/portfolio/
This is a snippet of what I have in my .htaccess file at present:
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^staging.mydomain.com.au$
RewriteRule ^(.*)$ http://www.mydomain.com.au/portfolio [R=301,L]
</IfModule>
Any help would be greatly appreciated.
UPDATE: It seems (from comments) that staging. no longer exists - that's the problem! staging. needs to exist (ie. the DNS must resolve) so that the request gets to your server in order to do the redirect. If staging. does not exist then the initial request will simply fail (the browser will fail to lookup the domain and you'll get a DNS error).
You need to recreate the staging subdomain (even with no files) and then implement the redirect below.
Your RewriteRule actually looks OK - assuming you are wanting to redirect all those URLs to the single /portfolio URL. However, the order should perhaps be changed to have the redirect before the internal rewrite. RewriteEngine only needs to be included once and you don't need RewriteBase in the code you have posted. So, this should be rewritten as:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^staging\.mydomain\.com\.au$
RewriteRule ^ http://www.mydomain.com.au/portfolio [R=301,L]
^(.*)$ is reduced to simply ^ since you don't need to capture the URL for a backreference in the substitution.
I've also removed the other RewriteRule as it doesn't appear to be doing anything?
Also note that 301 redirects are cached by the browser, so make sure that you clear your browser cache between failed attempts. It can be easier to test with 302 temporary redirects for this reason.

Tricky: Remap url but stay on the same url internally

Need your help. Just spend many ours on this htaccess problem and still don't have a clue how to manage this.
I have many http://www.example.com/menu-alias/foo links on my company's website which should get redirected to http://www.example.com/foo.
This alone shouldn't be the hard part but listen up... the tricky part follows.
I don't manage to get the site (Joomla 1.5) working without the 'menu-alias' this means that all http://www.example.com/foo should get internally mapped to http://www.example.com/menu-alias/foo. So that the user still has http://www.example.com/foo in his browser's address bar.
To make it even more complicated i have to 301 redirect the old menu-alias/foo links to /foo.
Can some htaccess guru help me out? Is this even possible?
You can try adding these rules in the htaccess file in your document root (or vhost config):
RewriteEngine On
# externally redirect requests that have "menu-alias"
RewriteCond %{THE_REQUEST} /menu-alias/([^\ \?]+)
RewriteRule ^ /%1 [L,R=301]
# internally rewrite requests back to menu-alias
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/menu-alias/
RewriteRule ^/?(.*)$ /menu-alias/$1 [L]
Couple of potential problems:
Joomla may be looking for the original un-rewritten request in $_SERVER, if so, the rewrite won't work.
The rule to add the /menu-alias/ back into the URI does so blindly rewrites all requests that don't point to an existing resource. This means "virtual" paths that Joomla may handle will get a "menu-alias" appended to the front.

How to redirect a first time visitor using htaccess

How to redirect a first time user to a special landing page using htaccess based on referrer? I mean if they came from another domain then they are the first time visitor?
I am really noob at url rewriting and explanation would be great .
Note: the landing page is nothing but a php script that detects browser. On that page I will use cookie, but need to redirect the user if the referrer is empty or its from another domain.
I suggest this :
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(www\.)?(https?://)?example\.com[NC]
RewriteCond %{REQUEST_URI} !^/welcome.html [NC]
Rewriterule ^(.*)$ http://example.com/welcome.html [r=307,L]
The first RewriteCond check if referer contains your domain name, and the second check if you are not just redirected by the RewriteRule.
The RewriteRule brings you to the welcome page as a [L]ast rule.
How about redirect the use if his referer is not your domain ?
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(www\.)?(https?://)?(?!example\.com) [NC]
Rewriterule ^(.*)$ http://example.com/welcome.html [r=307,NC]
That means that the user will be redirected to welcome.html if he writes example.com in the address bar or comes from a link in another site. Once on your site it won't be redirected anymore if he load another page in your site.
P.S. AFAIK you can use cookies in PHP that generates a plain html page see here
Edit: Update tested code
Excuse my reheating the old steak once more.. I would still be interested in knowing if anyone knows the solution to this problem - without using cookies or HTML5 features...
I have read here that the HTTP_REFERER might be blank. Is that why this method of redirecting is not good for this application? I have experimented with this on my server but the closest result working result was being always redirected to my landing page index.htm, which is not desired..
Could this rule interfere with other rewrite rules?
Also, there is an error in the former snippet:
And I think the NC flag in the latter snippet does not make sense. Should it not be L?
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^(www\.)?(https?://)?example\.com[NC]
#missing space after .com and before [----------------here----^
RewriteCond %{REQUEST_URI} !^/welcome.html [NC]
Rewriterule ^(.*)$ http://example.com/welcome.html [r=307,L]
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(www\.)?(https?://)?(?!example\.com) [NC]
Rewriterule ^(.*)$ http://example.com/welcome.html [r=307,NC]
#Should this flag not be L? ------------------------------^

How do I rewrite a URL so that the rewrite can be typed into the URL bar?

I have the following page: www.domain.com/index.php?route=information/contact and I'd like to rewrite it so that it shows up as: www.domain.com/contact, but there's more...
What's important, is that when someone types in www.domain.com/contact, it redirects them to www.domain.com/index.php?route=information/contact, which in turn, is rewritten as www.domain.com/contact.
I appreciate any help! Thanks.
Edit: To clarify
I want users to be able to enter www.domain.com/contact and be redirected to www.domain.com/index.php?route=information/contact.
However once redirected, I'd like a purely aesthetic rewrite so that www.domain.com/index.php?route=information/contact shows up as www.domain.com/contact (the same as what they typed in.)
Is this possible?
Edit: My .htaccess file currently...
Options +FollowSymlinks
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "\.(tpl|ini)">
Order deny,allow
Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)\?*$ index.php?_route_=$1 [L,QSA]
RewriteCond %{QUERY_STRING} ^route=common/home$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^index\.php$ http://www.domain.com/? [R=301,L]
### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling, then restore the # as this means your host
doesn't allow that.
# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This
may work to disable it:
# php_flag register_globals off
Try these rules in your .htaccess file:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteCond %{THE_REQUEST} ^GET\s/+index\.php [NC]
RewriteCond %{QUERY_STRING} ^route=information [NC]
RewriteRule . /warranty? [L,NC,R=301]
RewriteRule ^warranty$ /index.php?route=information/contact [L,NC]
L will make sure that user's URL in browser doesn't change and redirection happens internally.
Your question is extremely unclear, and I suspect that inexperience is to blame.
With the following rule:
RewriteRule /?(.*) index.php?route=information/$1
the location bar will read "/contact" but index.php will be invoked via an internal rewrite.
With a small modification:
RewriteRule /?(.*) index.php?route=information/$1 [R]
the location bar will read "/index.php?route=information/contact" and index.php will be invoked, after the redirect.
As always, the rule should follow the appropriate RewriteCond so as to avoid rewriting if an actual file is requested.
AFAIK, you can't make the address bar show a different address than the one that the page was loaded from. If you want the user to see www.domain.com/contact in the address bar when viewing the page, you need to make the server actually return the page content (not a redirect) when that URL is requested.
I think you might be misunderstanding URL rewriting: it's not for changing what the user sees in the address bar, it's for changing what the server sees when a request arrives from the user. If you create a rewrite rule that changes /foo to /bar, then when the user types /foo in their browser, the server will treat it as a request for /bar.
What you want, I think, is that when the user types www.domain.com/contact in their browser, the server should treat it as a request for www.domain.com/index.php?route=information/contact, but the browser should still show the pretty URL that the user typed. The way to do that is to simply rewrite /contact to /index.php?route=information/contact on the server. No redirect is needed; the user simply requests the pretty URL, and the server handles the request based on the equivalent ugly one and sends back the resulting page.

Resources