I used the below to disable ,but my subdomains also not accessing .is there any code for only keeping for some folders ?
# disable directory browsing
Options All -Indexes
You can disable directory browsing using htaccess and mod_rewrite, and you'd be able to do it only under certain conditions. For example,in an htaccess file in the directory you want to disable directory browsing:
RewriteEngine On
RewriteCond %{HTTP_HOST} !subdomain.domain.com [NC]
RewriteRule ^$ - [L,F]
This will disable directory listing only if the host isn't subdomain.domain.com.
Or:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !123.45.67.89 [NC]
RewriteRule ^$ - [L,F]
This will disable directory listing only if the request isn't made from the IP: 123.45.67.89
Sounds like you put the code in a .htaccess file in your web root folder. You can instead use the same code in a .htaccess file in each of the folders you want to prevent directory browsing.
Related
I have a folder export that is accessible to all my subdomains:
/export/sub1/...
/export/sub2/...
/export/sub3/...
Right now, regardless of what subdomain you're on, you can see all of the content by changing the directory in the url.
It's not a security issue, but more of a canonicalization concern, but I'd like to use an .htaccess file to rewrite the folders so people see a modified path that matches up with their subdomain:
sub1.domain.tld/export/... is served from /export/sub1/...
sub2.domain.tld/export/... is served from /export/sub2/...
sub3.domain.tld/export/... is served from /export/sub3/...
How can I do this?
You can use this generic rule in site root .htaccess:
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTP_HOST} ^(?!www\.)([^.]+) [NC]
RewriteRule ^/?export/(.*)$ /export/%1/$1 [L,NC]
The goal is to prevent anyone other than the application itself from accessing the items within several specific folders.
Having read through some of the answers, I have:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://app.domain.co.uk/*
RewriteRule ^(folder1|folder2)$ - [L,F]
I've placed the .htaccess in the same folder as folder1 and folder2, but it's not blocking access from external sources.
I've tried forward slashes before the folder names, but that made no difference.
Also, we are using the app sub-domain, and we are using SSL, if that's of importance.
Any suggestions?
use this rule as your first rule in the .htaccess placed in parent folder of folder1, folder2:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://app\.domain\.com [NC]
RewriteRule ^/?(?:folder1|folder2)(?:/.*)?$ - [L,NC,F]
# rest of your rules go below this
My folders in my www directory as set up as follows:
www/forums
www/helpdesk
www/www
In the base www folder (not www/www), I have the following set up in my htaccess file to redirect based on subdirectory
# Direct subdomains to appropriate folder in WWW directory
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
I also have the following set up for configuring the index.php on the main site (www.example.com) - this is also in the htaccess file in the www directory:
# Rewrite rules
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ www/$1 [L,QSA]
The problem I am facing is that I have stuff from forums.example.com that I want to embed in www.example.com (Vanilla Forums + WordPress plugin) - if I configure this using the admin panels, the iFrame gets blocked because they are different domains.
I found out that when I go to www.example.com/forums, I get the same front page as forums.examples.com - but all the clean URLs break.
When I look at the .htaccess file in the www/forums folder, I see the following configuration
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
What do I need to do to the .htaccess file in the www directory so that when I go to www.example.com/forums, it works the same as if I went to forums.example.com
...the following set up in my htaccess file to redirect based on subdirectory
# Direct subdomains to appropriate folder in WWW directory
Aside: That snippet is just a canonical non-www to www redirect. It doesn't "redirect based on subdirectory" nor does it "direct [any] subdomains". (?)
the iFrame gets blocked because they are different domains.
It sounds as if you need to set an Access-Control-Allow-Origin HTTP response header on forums.example.com to allow the content to be "embedded" in example.com? Something like the following (using mod_headers) in the www/forums/.htaccess file:
Header set Access-Control-Allow-Origin "http://example.com"
What do I need to do to the .htaccess file in the www directory so that when I go to www.example.com/forums, it works the same as if I went to forums.example.com.
How do "all the clean URLs break"? However, given the HTTP header mentioned above, you shouldn't have to do anything more and still access forums.example.com (not the subdirectory).
Incidentally, the fact you can access the subdirectory (that the subdomain points to) is just how your hosting is configured. Normally you should block access to the subdirectory in order to prevent duplicate content issues (and any other issues, such as the linking problem you mention).
Also note, that due to the way mod_rewrite directives are inherited (or not in this case). The mod_rewrite directives in the www/forums/.htaccess file completely override the mod_rewrite directives in the parent folder.
I want to use .htaccessto redirect different requests to the same folder.
E.g.:
domain.de/ordner1/fileX.html
domain.de/en/folder1/fileX.html
domain.de/it/casella1/fileX.html
So whenever something is requested out of /ordner1/, /folder1/ or /casella1/ I want .htaccess to fetch the requested file out of a specific directory like domain.de/all/fileX.html.
I want to prevent duplicate content but also keep the foldernames in the selected language.
Could you help me solve this problem?
Try adding the following to the .htaccess file in the root directory of your site.
RewriteEngine on
RewriteBase /
#skip css, js etc
RewriteCond %{REQUEST_URI} !\.(css|js)[NC]
#if request to ordner or folder1 or casella1, serve the file from all/
RewriteRule ^(ordner1|en/folder1|it/casella1)/(.+)$ all/$2 [L,NC]
In your docroot/.htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^(ordner1/|en/folder1/|it/casella1/)(.*$) all/$2 [L]
You would need to add extra names to map other translation equivalents.
I have hosting setup with a master domain (mapped to the web root) and then a number of addon domains (each with their own folder within the web root). At the moment you can visit www.masterdomain.com/addondomainsubdir and reach the same page as you would if you visited www.addondomain.com (which maps to /public_html/addondomainsubdir). I want to prevent this so if you visit www.masterdomain.com/addondomainsubdir then it will do a 301 redirect to www.addondomain.com. The new addondomain.com site is a single page site so it does not have to map any additional pages.
Adding rules to the htaccess file in the web root does notaffect anything as the subdir exists which is wierd as i thought the htaccess command should work even if there is a matching subdir (i've tried the following which works when there's no matching subdir):
RewriteRule ^addondomainsubdir?$ http://www.addondomain.com [NC,R=301,L]
Logically given it's reaching this directory I figure i need to add a command within the htaccess file in the addondomainsubdir directory however nothing appears to have any effect (i've got various other rules setup and they work fine).
I would be massively grateful if anyone explain the best way to rectify this?
Thanks so much for your help,
Dave
I know this is an old post, but it has never been successfully answered. So for all of you finding this via search, this should do what the OP is asking.
Add this line to your .htaccess file:
redirect permanent /addondomainsubdir/ http://www.addondomain.com
Try these rules in your .htaccess:
Options +FollowSymlinks -MultiViews
RewriteEngine on
# for http
RewriteCond %{HTTP_HOST} ^(www\.)?masterdomain\.com$ [NC]
RewriteCond %{SERVER_PORT} =80
RewriteRule ^([^/]+)/?$ http://www.$1.com/ [R=301,L]
# for https
RewriteCond %{HTTP_HOST} ^(www\.)?masterdomain\.com$ [NC]
RewriteCond %{SERVER_PORT} =443
RewriteRule ^([^/]+)/?$ https://www.$1.com/ [R=301,L]
Instead of putting a rule in your main .htaccess, I would make make a .htaccess for each add-on domain, putting each one in the respective subdirectory.
RewriteEngine on
RewriteCond %{HTTP_HOST} masterdomain\.com$ [NC]
RewriteRule ^addondomainsubdir(.*)$ http://www.addondomain.com/$1 [R=301,L]