Hiding admin page as a subdomain - .htaccess

I have a site that has an admin page (eg admin.php) that is normally accessed via mydomain.com/admin.php
What I was hoping to be able to do is to use htaccess to map
"admin.mydomain.com" to "mydomain.com/admin.php" in such a way that the user would never know that it was a 'file'.
That is, if someone externally tried to access "mydomain.com/admin.php", I want it to 404.
Now, for the even hard part: the admin.php page will want to serve links as "/admin.php?param=value", etc and so I'd need to look at the referrer (???) to let this work as expected.
can htaccess do this? Any idea on where to start?

If you have set up a record for admin.mydomain.com with the same IP Address as mydomain.com as well as the same DocumentRoot,
Then this can be done like this in your .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_HOST} ^(admin\.) [NC]
RewriteRule ^ %1php [L]
RewriteCond %{REQUEST_URI} admin\.php$ [NC]
RewriteRule ^ - [R=404,L]

I don't really understand what you are trying to do (or really why you absolutely need to have the page mydomain.com/admin.php).
If you are trying to "hide" it from the users, why not actually create a subdomain, place the file in the subdomain, implement security on the entire subdomain and then there is no need for messing around with redirections, referrers or query strings.
For security you might want to do something like this:
In your .htaccess put:
AuthUserFile /path/to/htpasswd/file/.htpasswd
AuthGroupFile /dev/null
AuthName "MyDomain Admin Area"
AuthType Basic
require valid-user
Create the file .htpasswd using a generator such as this
Then you will have no need to hide the page from the user because without the correct username and password, they will get a 403.

Related

Hiding Directory in URL with htaccess is not working

I have website1.com setup so that when users visit website1.com they get redirected via a meta tag in an index.html to website1.com/directory
Then they use the website and go to links such as website1.com/directory/index.html or what ever. I am trying to hide the "directory" in the link so that users only see website1.com/index.html
I have place the htaccess which is to rewrite the url to website1.com/index.html at website1.com/directory/.htaccess
I am not doing anything else special and this should be an easy task. My current exact htaccess is as follows:
RewriteEngine On
RewriteCondition %{REQUEST_URI} !^directory/
RewriteRule ^(.*)$ directory/$1 [L]
Should be easy right..... All I get is a 404
In my server I have Mod_Rewrite & mod security and suspect one of them is causing this not to work but can't imagine why. Am I missing something here?
Your rule is incorrect since %{REQUEST_URI} variable has starting /
You need to place this in document root
Use this code in document root .htaccess:
RewriteEngine On
RewriteCondition %{REQUEST_URI} !^/directory/
RewriteRule ^(.*)$ /directory/$1 [L]

.htaccess redirect all requests to index.php even if the requested file exists

I'm writing my first .htaccess file. I would like to know how to rewrite localhost/home/user/ to localhost/index.php?home&id=user even if the 'home' directory exists.
Is this possible?
It's a bad practice doing that, however, if you really want this the lines you need are:
RewriteEngine On
RewriteBase /
#(things you want to do beforehand)
RewriteCond %{HTTP_REFERER} !^$
RewriteRule !^http://localhost/index.php?home&id=user [R,L]
#(things you want to do after redirect)
(you may need $1 instead of 'user', depending on security you use; and $_SERVER['PHP_AUTH_USER'] from PHP if using .htpasswd from Apache)
You can add different flags of course, the RewriteRule Flags doc is here.

htaccess to redirect from subdirectory to alternate domain

I'm trying to do a simple task with htaccess but I don't have any experiences with htaccess. Basically, this is what I'm trying to achieve.
I have a website (www.example1.com) with a hosting account. And now, I'm launching a second website (www.example2.com) that uses the same hosting account.
Physically the files for www.example2.com exist in www.example1.com/example2.
As you might expect, what I'm trying to achieve is that when a user writes www.example1.com/example2, they are redirected to www.example2.com.
This is what I've tried doing
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^/example1.com/
RewriteRule !^/example2.com/
And also...
Order Deny,Allow
Deny from all
Allow from example2.com
Any help would be appreciated!
RewriteCond %{HTTP_HOST} ^(www\.)?example1\.com$ [NC]
RewriteRule ^example2(.*) http://www.example2.com$1 [R=301, L]
First line - check if the host matches example1.com with or without the "www.".
Second line - check if the path starts with example2 and, if it does, redirect to www.example2.com, maintaining any existing path after example2.

.htaccess mod_rewrite for web service as well as hide other files

I think I know how to hide the files but how do I use mod_rewrite to allow only the web service to be called in the same directory?
Here is the directory/file structure
/var/www/html/xmlrpc/xmlrpc.server.php
/var/www/html/xmlrpc/xmlrpc.client.php
/var/www/html/xmlrpc/xmlrpc.class.php
/var/www/html/xmlrpc/xmlrpc.ini
/var/www/html/xmlrpc/logs
Important note: /var/www/html/xmlrpc/logs has 777 permission
before you start harping on me I plan to move this into a non public directory and give the correct permissions. But I was asked to see if I could hide it with the .htaccess file.
.htaccess
AuthType Basic
AuthName "My hidden files"
AuthBasicProvider file
AuthUserFile /var/www/html/xmlrpc/.pswds
Require valid-user
.pswds
user:5/abcde1abcdE
Also I'm a newbie with mod_rewite/mod_alias and need this URL:
http://127.0.0.1/xmlrpc/xmlrpc.server.php
to be this:
http://127.0.0.1/xmlrpc/v1/
How does one do this?
Also on know on the virtual host setup in Apache you can set the log file paths/names, can this be done from the .htaccess file as well?
Examples are welcome as this is a learning experience for me as well.
Ah mod_rewrite. Try this in the xmlrpc directory:
RewriteEngine On
RewriteRule ^v1/$ xmlrpc.server.php [L]
Some questions though - does xmlrpc.server.php take any get parameters? Can you guarantee that the url will always include a trailing slash?
To enforce a trailing slash as well as some other stuff, try this:
# Allows direct linking to files
RewriteCond %{REQUEST_FILENAME} !-f
#Checks if the url is missing a slash, if so, evaluate rule below
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://127.0.0.1/$1/ [L,R=301]
The last rule will have to be adjusted depending on where you put the .htaccess file. If it's at the root, then it will work for all lower directories. If it's in the xmlrpc folder, then you can leave off the localhost.
Also remember to restrict access to the .htaccess file:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Someone else will have to answer the other questions - not as familiar with that.

Password Protect Virtual Directory With .htaccess

I have a site with a virtual directory structure like mysite.com/folder/title which is actually a .htaccess rewrite to mysite.com/f/index.php?p=title. I want to password protect the folder folder with .htaccess, and know how to do that with actual folders. But I don't want to password protect the main site mysite.com, and right now if I put the .htaccess file in the mysite.com directory, I am protecting mysite.com and mysite.com/folder. I have also tried protecting mysite.com/f.
How can I protect only mysite.com/folder using .htaccess?
EDIT: Added .htaccess contents of mysite.com.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^folder/(.*)$ /f/index.php?p=$1 [PT,L,QSA]
RewriteRule ^folder/*$ /f/index.php [L,QSA]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
.htaccess file I tried in mysite.com/f This successfully protects the entire site when moved to mysite.com, so I know the path is correct. When it is in the subdirectory it generates a 404 error and not a password prompt.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/myusername/.htpasswd
require valid-user
Old thread is old...
Stumbled across this while having a similar issue, password protecting a subdomain while keeping the main site without.
The solution was easier than I originally made it out to be.
In the document_root/.htaccess, domain.com/wiki was redirecting to domain.com/w (because that's cleaner? lol):
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
In document_root/wiki/.htaccess the wiki directory was password protected:
AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/user/.htpasswds/public_html/wiki/passwd"
require valid-user
I simply added this line to the top of document_root/.htaccess so it reads:
AuthType None
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
domain.com is no longer password protected and domain.com/wiki redirects as intended and with password protection.
Hope it helps someone else.
One thing that works (but isn't the most elegant solution) is to actually create a folder named "folder" (or whichever virtual folder you're trying to password-protect) and put the .htaccess into it.
Assuming you are using Apache 2.2
... and, that your server is running on a machine to which you do not have permission to modify the server configuration
... then, create: mysite.com/f/.htaccess with the rule you desire.
A good discussion of when to use this and when not to can be found here.

Resources