Redirect URL with hash using .htaccess - .htaccess

I want to redirect a URL containing a hash to another URL.
Example: example.com/#test should redirect to example.com/teste_page
Can this be done using the .htaccess file?

Yes it can be done, just use the No Escape flag... [NE,R,L]

No, hashes are never sent to the server, they are in-page fragment identifiers, so only used by the browser. So you're .htaccess would never have access to the hash. You'd have to do some nifty redirects to get that info to your server.
Here are some ideas that might spark something:
http://forum.modrewrite.com/viewtopic.php?t=3912

This cannot be done with .htaccess - as far as the browser is concerned, the # and anything following it does not need to be sent to the server, as it's a link for the browser to resolve.
Here's a related question, as well as an example:
Note google thinks the request was:
http://www.google.com/thisisa404?query=string#fragment

Related

Redirect an address ending with #!

I have an address: www.domain.com/index.php?category=this-is-me#!
For some reason google directs to this address.
I want to redirect my users to www.domain.com/index.php?category=this-is-me
How can I do that?
I don't think the "#!" is needed.
I work with htaccess files (php, apache).
Thanks
You can't do anything about it in htaccess files, in php, or in apache. Everything starting from the # is called the URI fragment and it is never sent to the server. So apache doesn't even know it's there.
What you'll need to do is use something that's on the client-side (e.g. browser) to remove it. For javascript, see something like this: Remove fragment in URL with JavaScript w/out causing page reload

Prevent displaying PHP File through URL with htaccess

i would like to make it impossible to open a PHP file directly through an Url but keep it still accessible through jQuery. Right now it is possible to enter this URL in the Browser:
http://domain.com/php/member.php
But i would like to prevent that. If someone types this in the Browser Url than i would like to redirect everyone to http://domain.com with htaccess. But it must be still possible to send variables through the own Website with jQuery to the PHP File.
Thanks :)
If you don't want it access directly put it outside the web root and use a php script to interact with it. jQuery/JavaScript is client side. If it can access the file, then the client will be able to also. You would be better off using PHP to send/receive info to jQuery and hide that file outside the web root so there is no direct access.
You can use this htaccess redirect to generate the code to redirect domain.com/php/member.php to domain.com. You can use a 301 redirect like the one above.

problems getting nice browser url using redirect/rewriterule

Currently I use a .htaccess redirect to send a (nice) url /offices/london/whatever to my script (nasty url) /db/db.pl?offices-london-whatever
i want the browser url to be nice, with the 301 redirect it isn't so i tried with the RewriteRule but the browser url is still the nasty one.
e.g. RewriteRule Offices/London/(.*)$ /db/db.pl?Offices-London-$1 [NC]
it all navigates, i get the pages i want with either method, but i want the nice url not the nasty one for both the user browser and SEO. presently i only get the nasty url
any clues what i am doing wrong?
Let's assume the following:
RewriteRule ^/Offices/London/(.*)$ /db/db.pl?Offices-London-$1 [L,NC]
This makes your page accessible through www.yourdomain.com/offices/london. So you can just use that URL in your browser. As for SEO the crawlers will see you are using that URL in your links and will index it.
Remember that you can always use the other URL (the nasty one) aswell, just dont use it (except for testing ofcourse).
ok, thanks for that
the problem is not one of 'accessing' the script, that all works fine, it is of getting the browser address bar to NOT display the ugly path/url, which happens with the example above.
as for the SEO, it is not the case, google is currently displaying the ugly url.
by reading through http://www.webmasterworld.com/forum92/6079.htm (and www.askapache.com/htaccess/mod_rewrite-basic-examples.html) i am slowly getting there, with two rewrites and a cond, but i have been lazy in my perl and the relative paths are screwed, so got to do some more on it.
for now though, i got to do some other pesky customer things for a while.
will post my full solution here shortly!!!

.htaccess and sessions for security?

In my application users have their own "websites" which can be reached if they are signed in.
However, since these websites are just directories containing html and other documents everyone in the world can reach them if they know the address. I can't have that :) A user should be able to decide whether or not thw world might see their files or not.
Can I use .htaccess to activate a PHP-script every time a request is made to that directory?
I.e. if reqested-site is "/websites/{identifier}", run is-user-allowed-to-view.php?website={identifier}
The identifier is a numeric value which refers to both a physical folder and a post in the database... and the script would then return true or false.
Or is there perhaps another way of solving the same issue?
Cheers!
You can use mod_rewrite to rewrite requests with such a URL internally to your script:
RewriteEngine on
RewriteRule ^website/([0-9]+)$ is-user-allowed-to-view.php?website=$1
But this rule is only for the URL path /website/12345 and nothing else.
Or have every page as a PHP page and just put at the top a single line to redirect if the session / cookie is incorrect or not set. Obviously wouldn't work for non-PHP content such as images.
What you need is a proper front-end (written in whatever language). You need to have your web-server (Apache in your case it seems) pass the requests to the said front-end.
You cannot do what you are asking for with just .htaccess files.

What's a clean/simple way to ensure the security of a page?

Supposing you have a form that collects and submits sensitive information and you want to ensure it is never accessed via insecure (non-HTTPS) means, how might you best go about enforcing that policy?
If you're running Apache, you can put a RewriteRule in your .htaccess, like so:
RewriteCond %{HTTPS} "off"
RewriteRule /mypage.html https://example.com/mypage.html
I think the most bullet-proof solution is to keep the code inside your SSL document root only. This will ensure that you (or another developer in the future) can't accidentally link to a non-secure version of the form. If you have the form on both HTTP and HTTPS, you might not even notice if the wrong one gets used inadvertently.
If this isn't doable, then I would take at least two precautions. Do the Apache URL rewriting, and have a check in your code to make sure the session is encrypted - check the HTTP headers.
Take a look at this: http://www.dotnetmonster.com/Uwe/Forum.aspx/asp-net/75369/Enforcing-https
Edit: This shows solutions from an IIS point of view, but you should be able to configure about any web server for this.
In IIS? Go to security settings and hit "Require secure connection". Alternately, you can check the server variables in page load and redirect to the secure page.
I'd suggest looking at the request in the code that renders the form, and if it is not using SSL, issue a redirect to the https URL.
You could also use a rewite rule in Apache to redirect the user.
Or, you could just not serve up the page via HTTP, and keep it only in the document root of your HTTPS site.

Resources