I have a wordpress site running, and currently anyone can view the uploads directory by visiting
http://site.com/wp-content/uploads
I want to stop this directory from being viewed in a browser but I want a subfolder to be viewable (eg. http://site.com/wp-content/uploads/PublicUploads). I have tried setting
IndexIgnore *
in the uploads folder, but I cannot work out how to set the sub folder back to visible.
Any help would be appreciated
Most people use
Options -indexes
To make a subdirectory visible again, you'll need to put a .htaccess file inside that subdir, with Options +indexes inside it.
Using mod_rewrite you can block direct access to wp-content/uploads directory like this:
RewriteRule ^wp-content/uploads/?$ - [F,NC]
Keep in mind that this will only block browsing of /wp-content/uploads contents but will allow /wp-content/uploads/PublicUploads or any /wp-content/uploads/foo.
Related
I have the following in my .htaccess:
# "-Indexes" will have Apache block users from browsing folders without a
# default document Usually you should leave this activated, because you
# shouldn't allow everybody to surf through every folder on your server (which
# includes rather private places like CMS system folders).
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>
However, I have a directory that does not have an index file (and I prefer to keep it this way), which I need to enable access. How do I exclude this directory from the above code?
Create an .htaccess file in that directory, and in it put the following
<IfModule mod_autoindex.c>
Options +Indexes
</IfModule>
Despite the following comment (I got this code from someone else):
# "-Indexes" will have Apache block users from browsing folders without a
# default document
...this code does not block users from accessing files in a directory that does not have an index file. Therefore, I do not need to exclude my directory from the above code.
As an example, example.com/testdir does not have an index file. But, I'm able to access example.com/testdir/testfile.txt
each month many gigabytes of traffic on my site is being consumed by various sites, mostly in italy according to my stats. On further review of my raw access logs, they have built in direct reference links to css and png files in my site. I can just rename them but that wont stop them accessing a page in my site to get their full urls and keep accessing them.
Is there a way to block access to css and image files in my site unless they come from the same domain, somehow?
Regards
Greg J
Try adding this to the .htaccess file in your web document root folder (often public_html or htdocs) (edit the name of the domain):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^yourdomain\.com
RewriteRule (?:jpg|png|gof|css) - [F]
This assumes that mod_rewrite is both installed and activated for htaccess files.
If you are not sure, to check if mod_rewrite is installed, look at the list of installed modules in the output of phpinfo();
By default, mod_rewrite is not enabled for htaccess files. If you are managing your own server, open httpd.conf
and make sure that the webroot directory block contains one of these lines: AllowOverride FileInfo or AllowOverride All
I have a folder in my public_html directory named landingPages which obviously holds all our Landing Pages.
The problem is all the URLs on Google AdWords etc. are set to the public_html folder, for example:
http://www.example.com/landingPage1.php
Putting all the files in the new landingPages directory was done to clear up the public_html directory and seperate everything a bit but changing all the URLs is something we want to avoid.
I want that if you go to to http://www.example.com/landingPage1.php in the browser that it actually loads whats inside the landingPages folder so it calls http://www.example.com/landingPages/landingPage1.php in the background.
I have tried a few things but can't seem to find a catch all version to determine if whatever is requested in the browser is present in the landingPages folder and if so to re-direct or if this sort of catch all request is at all possible.
If not, I guess I would have to manually create rules for each file I want re-directed including any future created Landing Pages which is what I am trying to avoid here.
put this code in your .htaccess under the website root directory, this will check if the file exists in landingPages folder, if so, it will load the content of that file.
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/landingPages/$1 -f [NC]
RewriteRule ^([^/]+)$ /landingPages/$1 [L,QSA]
Ok, I'm clueless here...
I need to rewrite a directory structure and all sub-directories within it to a directory within the same server, but a root that is before the directory.
For example:
http://www.mydomain.com/Themes/default/css/folder
and all directories called upon after folder. Such as folder/sub_folder or folder/afolder/anotherfolder, it needs to include ALL sub-directories within the folder directory.
should be redirected to this:
http://www.mydomain.com
How do I do this via a .htaccess file within the folder path http://www.mydomain.com/Themes/default/css/folder?
Please someone help.
Thanks guys :)
The files within the directory structure still need to be accessible for that structure when called via PHP, but I don't want people being able to browse to http://www.mydomain.com/Themes/default/css/folder and be shown all subdirectories within that folderpath and/or all files. Same thing for all sub-directories that follow that folder path.
I'd like to be able to place the .htaccess file within the http://www.mydomain.com/Themes/default/css/folder directory on the server, but don't know exactly what code to use for this.
ALSO, even more challenging... The domain name can change, so I'd rather not use the domain name within the .htaccess file, instead perhaps use .. or . to go up a directory or a different method of grabbing the domain name within the .htaccess file.
Create a .htaccess file in /Themes/default/css/folder and place these lines there (it requires mod_rewrite):
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ http://%{HTTP_HOST}/ [R=301,L]
It will redirect (301 Permanent Redirect) all requests to a folder to a homepage. If file is requested, it will allow it.
If you want to have it working for folders as well as files then remove the RewriteCond line -- it will redirect ALL requests (even for non-existing URLs) to a homepage.
If you will see "500 Internal Server Error" after creating such file, then it is your server configuration: mod_rewrite may not be enabled or it's directives (RewriteRule, RewriteCond, RewriteEngine) are not allowed to be placed in .htaccess. In any case -- check Apache's error log for exact error message (it will give you the exact reason).
http://www.besthostratings.com/articles/prevent-directory-listing.html
IndexIgnore *
Has anyone had an issue where you try and do a redirect of a .pl file and that file just shows up as forbidden?
Here is an example of what I'm trying to do:
(http://www.oldsite.com/folder/sample.pl)
needs to redirect to...
(http://www.newsite.com/newpage/)
Here is what I have put in the .htaccess file which is located in folder on the old site (because I don't have access to the web root .htaccess file):
#the first line should allow the pearl file extension to execute
Options ExecCGI FollowSymLinks
RewriteEngine on
RewriteRule ^sample\.pl$ http://www\.newsite\.newpage/ [R=301,NC]
Though, I only get a forbidden page when I go to (http://www.newsite/folder/sample.pl). Even without the .htaccess file in place I still get a forbidden page. It's only .pl files that cause this forbidden page. If I go to any of these fake pages (sample.asp, sample.jsp) they bring up the proper "Page Not Found" message.
Can anyone think of any ideas to get around this .pl extension issue?
Thank you!