Im trying to create a site where authorized users can download pdf files...
the pdf files are in the webroot auth is by php sessions...
so to protect files from hotlinking, i found a working solution
php:
at successful login write a new file named session id:
if($logged_in) {
touch('auths/' . session_id());
}
then the .htaccess checks if the session id file is exists, if file is not exists its redirects to login..
# checks if a file named
RewriteCond %{HTTP_COOKIE} PHPSESSID=(\w+)
RewriteCond %{DOCUMENT_ROOT}/auths/%1 -f
RewriteRule ^(.*)$ $1
RewriteRule /* /login.php [L]
This is working so far, did a simple testing environment....
The issue is this needs to be combined with a cakephp app which uses the following .htaccess:
# CakePHP
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?/$1 [QSA,L]
</IfModule>
So my question how could .htaccess modified so its only checking if the request is *.pdf and also works together with the cakephp rules...
Thank you !!
I don't think that combine .htaccess and CakePHP will do well. Both are different kind of software and don't have native communication method. Until you write your own module for Apache I don't think you'll make a good solution. On your place I'd rather read whole file to variable than print it with proper header. A memory costly solution but secure, server independent and pretty easy to modify in the future.
Related
I'm trying to setup a new project structure. Due to some limitations of my cloud provider, I need to do some htaccess magic which I'm struggling with.
The project structure is as following
/docroot => Contains my Drupal installation
/docroot/frontend => Contains an Angular frontend
/docroot/pim => Is a symlink to /docroot.
What we need is that when we surf to example.com/pim that it redirects to the Drupal docroot /docroot. Since due to limitations of the cloud provider we can't put it in the /pim folder, they suggested to make a symlink.
Any other request to example.com should go to docroot/frontend.
So I've added the following code in my htaccess file
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/frontend.*$
RewriteRule !^pim($|/) http://example.com/frontend%{REQUEST_URI} [L,R=302]
Current behaviour is that all requests go to /frontend/index.php (I think the index.php comes from the .htaccess of Drupal, so the redirect is not done cleanely) While I would expect a request to example.com/test to direct to example.com/frontend/test
Also example.com/pim points to example.com/frontend/index.php instead of staying in the /pim directory
I've been able to fix it. :)
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/frontend.*$
RewriteCond %{REQUEST_URI} !^/pim.*$
RewriteRule ^ frontend%{REQUEST_URI} [L,R=302]
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/frontend.*$
RewriteRule ^ %{REQUEST_URI} [L]
Here is my htaccess file and it works somewhat. Not matter what controller I specify it always goes to the home page
<IfModule mod_rewrite.c>
RewriteEngine On
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#This last condition enables access to the images and css folders, and the robots.txt file
RewriteCond $1 !^(index\.php|css|js)
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
This is my website URL
http://automationmetrics.local/automation/
Thoughts?
Some things I usually check when this happens to me:
Have I enabled the mod_rewrite module in Apache?
Have I set $config['index_page'] to blank?
If the above works, here's the one that I use, that's working on my end:
https://gist.github.com/petrepatrasc/6925413
If you're STILL out of luck, then try fiddling with the $config['uri_protocol'] parameter - I remember that I could only get it to work on Windows (with IIS at the time) using REQUEST_URI as a value. Might be related to that.
The first two rules get triggered on all the files, just like it says in the comment. So this one:
RewriteCond $1 !^(index\.php|css|js)
seems redundant and removing it should solve the issue you're having.
This is how my urls currently look:
http://mysite.com/?page=1
How can I make this work?:
http://mysite.com/page/1
There is a post on StackOverflow that asks the same question. But the accepted solution isn't working for me. Because I am using Codeigniter and my page results in a 404 perhaps because since the url pattern of a CI site is:
domain/controller/method
The system is assuming that I am requesting a controller called "page" and a method called "1" both of which of course doesn't exist. Or maybye it's due to a conflict with the other code in my htaccess file (which I downloaded from the CI wiki, it gets rid of index.php and does a few security things). Here is my entire htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users. Additionally this will allow you to create a System.php controller, 'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder. This snippet prevents user access to the application folder. Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file, such as an image or css document, if this isn't true it sends the request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
#Pretty urls for pagination links
RewriteRule (.*) index.php?page=$1
</IfModule>
The non indented bit is the solution I got from that other SO question that isn't working for me.
Any solutions to this CI pagination issue?
UPDATE
Ok, read some of the docs and now I have this working:
http://mysite.com/home/index/2
What would be the htaccess rule to turn that into?:
http://mysite.com/page/2
You should make this configuration at /application/config/routes.php (and let the .htaccess just for hide the index.php as you are already doing).
$route['page/(:any)'] = 'home/index/$1';
Or better, like #zaherg remembered (ensures that only numbers could by matched):
$route['page/(:num)'] = 'home/index/$1';
This way all the requests to http://mysite.com/page/2 will be treated internally as http://mysite.com/home/index/2 and so forth.
I suggest you take a look at CodeIgniter User Guide - URI Routing and CodeIgniter User Guide - Tutorial − Introduction.
Good luck.
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
from CodeIgniter docs
That will handle removing the index.php, but what happens after that depends how CodeIgniter's query string handling is set up: it can be configured to use a query string rather than a path. See the link for more details.
I've got the following code in my .htaccess to strip out index.php from the urls in my CMS-based site.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
This code works great and it routes requests exactly how I want. For example, with URL: http://example.com/contact/ the directory contact doesn't actually exist if you look in the FTP; instead index.php handles the request and shows my contact info. Perfect. Well, almost perfect.
I want to modify this code to specify a couple directories in FTP that should be ignored. For example, if I've got a folder called assets, when I go to http://example.com/assets/ the default DirectoryIndex page is displayed. Instead, I want this directory to be ignored -- I want index.php to handle /assets/.
TL;DR: How can I modify the above code to explicitly ignore certain existing directories (so that index.php handles them instead of the DirectoryIndex)?
Why not adding this below or before your code?
RewriteRule ^(assets/.*)$ /index.php/$1 [L]
I'm often updating my website through various design iterations, and want to simplify my life by putting each version in its own folder: ie: www.mysite.com/v1.
How can I store all the contents of my in that folder (/v1, /v2, etc) yet have it accessed by simply typing in www.mysite.com.
I don't want just want to redirect the url, I want to remove the v1 from the url entirely.
Assuming you're using Apache, you could use mod_rewrite for this. Simply create a .htaccess file in the root of your public directory with a simple rewrite rule:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) v2/$1 [L]
</IfModule>
This will rewrite all URL's to the v2 directory. If you update your site to a new version, simply change v2 into something else and all requests will be rewritten to that directory.