htaccess redirect localhost exemption - .htaccess

At some point through my error my localhost started getting redirected. After reading around I added RewriteCond !localhost [NC] to my .htaccess file and it now appears to work but I've pretty much no idea what I'm doing.
I don't know htaccess rules well, I've read several answers and googled but the scripts I've found seem to take a different approach usually based around...
Require valid-user
Allow from 127.0.0.1
Satisfy Any
...which I have trouble integrating.
Is my amend below OK or a bad idea?
# MAINTENANCE-PAGE REDIRECT
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^00\.00\.000\.000 # my remote IP address
RewriteCond !localhost [NC] # I added this line
RewriteCond %{REQUEST_URI} !/maintenance.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|css|zip) [NC]
RewriteRule .* /maintenance.html [R=302,L]
</IfModule>

I would suggest you to remove these lines
RewriteCond %{REMOTE_ADDR} !^00\.00\.000\.000 # my remote IP address
RewriteCond !localhost [NC] # I added this line
and add just this:
RewriteCond %{REMOTE_ADDR} !^(?:(?:00\.00\.000\.000)|(?:127\.0\.0\.1))$
But the
Require valid-user
Allow from 127.0.0.1
Satisfy Any
Solution is much better.

Related

Issue with .htaccess rewrite

I have several servers that have different catalytic structure with the same files. I want to redirect all addresses that have at least 1 phrase ".php/" for example: http://localhost/kat1/kat2/kat3/index.php/abc to http://localhost/kat1/kat2/kat3/index.php.
and
http://localhost/kat1/kat2/kat3/kat4/index.php/abc/index.php
to
http://localhost/kat1/kat2/kat3/index.php.
I try that but it does not work:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*).php\/(.*)$ index.php
How can i do that?
You can use this single rule in your site root .htaccess:
RewriteEngine On
RewriteCond %{THE_REQUEST} \s/+(.+?\.php)/ [NC]
RewriteRule ^ /%1 [L,NE,R=301]
# remaining rules go below

block specific url in .htaccess and allow access by IP

I have a problem, I want to secure the admin panel of my website using .htaccess but its a CGI script.
from WebBrowser it looks like: http://mysite.com/?op=adminpanel
of course its /cgi-bin/index.cgi?op=adminpanel
I've tried with:
<files index.cgi?op=adminpanel>
order deny,allow
deny from all
allow from my.ip.address
</files>
but not working, works when I use <files index.cgi></files> but the whole site got 403 error for everyone except for my ip
now i'm testing with:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !( my.IP)
RewriteCond %{QUERY_STRING} !(?op=adminpanel)
RewriteRule index.cgi - [F]
any help will be greatly appreciated
Per this article you can do it like this:
Let's say you want to block IP address 123.255.123.255 from accessing the page www.mydomain.com/index.php?option=com_my_special_component. Here is how you could write the rule:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
The first line just turns on URL rewriting. The second line matches the IP address (use backslashes before each dot), the third line matches the querystring (ie. anything that comes after the ? in the URL) - in this case it would match if option=com_my_special_component comes anywhere in the URL after the ? (eg. index.php?id=1&option=com_my_special_component&action=dostuff would still match with this rule). The [NC] at the end of that line tells it to apply the rule regardless of whether any of the characters in the URL are uppercase or lowercase. The final line redirects the user to index.php with a 'forbidden' header - so they will get an error message in their browser, and tells mod_rewrite to stop interpreting any further rewrite rules.
If you want to ban multiple IP addresses, you can add new lines for them, but you need to add an [OR] flag to the end of each line except the last one - for example:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^124\.255\.124\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Since you are block access to an admin page, you probably want to only allow your IP. In that case you would just put an exclamation mark in front of the IP address to say if it's any IP other than this one, then rewrite.
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.255\.123\.255
RewriteCond %{REMOTE_ADDR} !^124\.255\.124\.255
RewriteCond %{REMOTE_ADDR} !^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Hope that helps.
Try this in the .htaccess file :
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=10.0.0.1
RewriteCond %{REMOTE_ADDR} !=10.0.0.2
RewriteCond %{REMOTE_ADDR} !=10.0.0.3
RewriteRule ^(.*)$ - [R=403,L]
if the url begins with /admin and the remote address is not one of the three listed, send the browser on its merry way.
reference : https://www.concrete5.org/community/forums/chat/restrict-urls-starting-with-abc-to-specific-ips-.htaccess-guru
you can change this line (RewriteCond %{REQUEST_URI} ^/admin) to this :
RewriteCond %{REQUEST_URI} .*/admin
for very url contain "/admin".

htaccess RewriteRule causing Error 310 (ERR_TOO_MANY_REDIRECTS)

First I will explain what I am trying to accomplish. I want to only allow access to my website with my own IP Address while I am developing and everyone else will be directed to my offline.html
My website is running on Joomla! 2.5.9
I have added this .htaccess file to the root directory:
I have replaced my IP address with 123.123.123.123 just for putting on here. My IP Address is static.
RewriteEngine On
RewriteCond %{REMOTE_HOST} !^123\.123\.123\.123$
RewriteCond %{REQUEST_URI} !^offline\.html
RewriteCond %{REQUEST_URI} !^(\.png|\.jpg|\.gif|\.jpeg|\.bmp|\.swf|\.css|\.js)$
RewriteRule ^(.*) /offline.html [R=307,L]
When I test going to my site through my VPN I will get the below Error message from Chrome:
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
After that I see the correct path to offline.html has been added and the same with Firefox although the Error Message is slightly different:
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
What could be the cause of this?
You may try this:
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !123\.123\.123\.123
RewriteCond %{REQUEST_URI} !\.(png|jpg|gif|jpeg|bmp|swf|css|js) [NC]
RewriteCond %{REQUEST_URI} !offline\.html
RewriteRule .* offline.html [R=307,L]

Force subset of webpages as HTTPS

I would like to force a subset of webpages to https and all other webpages as http.
In htaccess I use the following script that I found in another post, but that wasn't working...
RewriteCond %{HTTPS} off
RewriteRule ^(login|signup)\.php https://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !(login|signup)\.php
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,QSA]
HTTP is forced as it should be, HTTPS is forced as it should be, but eg https://mywebsite.com/signup produces an infinite loop error in my browser. Any ideas what goes wrong?
I changed to code to the following which seems to work, but now the SSL is only partially implemented due to secure and insecure items on the webpage. I checked the URLS to e.g. images, style sheets and external javascript files bit these are all relative and shouldn't pose a problem... If someone knows how to deal with this I'd be glad to hear it.
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/login$ [OR]
RewriteCond %{REQUEST_URI} ^/signup$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !signup$
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Try adding this line somewhere on top of your .htaccess:
Options +FollowSymLinks -MultiViews
Maybe you have some other rules that do this redirect -- it would be good if you provide whole contents of your .htaccess file.
You may have redirect inside the actual php script.
In any acse -- if you can edit Apache's config files (httpd.conf or httpd-vhost.conf) then you can enable rewrite debugging (RewriteLoglevel 9) and see what exactly is going on -- this is the best option (if you can).

redirect my site from www.foo.bar to cdn.foo.bar

is it possible to have an htaccess rule that will redirect my files from
http://www.mydomain.com/page.html to http://cdn.mydomain.com/page.html but still making the link look like http://www.mydomain.com/page.html
I know masking urls isn't possible, but since they are on the same domain i was wondering if that was possible
Try these rules in your .htaccess file:
Options +FollowSymlinks -MultiViews
RewriteEngine on
# for http
RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC]
RewriteCond %{SERVER_PORT} =80
RewriteRule ^(.*)$ http://cdn.mydomain.com/$1 [L,R]
# for https
RewriteCond %{HTTP_HOST} ^www.mydomain.com$ [NC]
RewriteCond %{SERVER_PORT} =443
RewriteRule ^(.*)$ https://cdn.mydomain.com/$1 [L,R]
However one caveat that it is an external redirect hence URL in your browser will change to http://cdn.mydomain.com/foo because when you are jumping from one host to another you cannot have internal redirect hence R flag is needed.
No idea about .htaccess but you could use a curl script in PHP.

Resources