I have several webpages on my root directory (e.g. index.htm, home.php and home_page.php) which all are starting points for different versions of my website.
I ahve upgraded PHP version (as advised by my hosting service) from 5.3 to 5.6. This has put a .htaccess file on my site and now my PHP pages on root won't load and I get a "500 Internal Server Error" message.
The .htaccess file was created by the web hosting provider when the PHP version was updated.
The content of the .htaccess file is AddType application/x-httpd-php56 .php .php5.
If I delete the .htaccess file then my pages work OK as before but I do not know what the implications of deleteing this file are.
How do I log my exception errors?
Any help on how I can getall of my pages to be displayed, please?
We are running a WordPress site on a AWS EC2 Linux instance and have created custom 403 and 404 error files (both html files). The files are located in the root of the website.
The root .htaccess file has been amended to include the following section:
# Custom Documents
ErrorDocument 403 /403.html
ErrorDocument 404 /404.html
The site uses a theme and within this there is a 404.php file. The problem is that any 404 requests are being routed to this file instead of the 404.html file.
The httpd.conf file has all access set for the root folder var/www/html so there’s nothing in it that I can see that would be blocking the .htaccess file. As a double check I added some 301 redirects into the .htaccess file just to check if they were getting hit and they were working.
Also checked if there were any other .htaccess files which might be overriding the one in , there were some in a plugin but from what I can see they shouldn’t have any impact.
Is there anything else which could be overriding the .htaccess file?
ErrorDocument 404 doesn't work in Wordpress like regular pages. Wordpress by default shows 404.php content from inside your selected theme. You can put your custom code in that 404.php file.
Here is official Wordpress guide for Creating an Error 404 Page
My directory structure is as follows:
-application
-system
-assets
--images
--downloads
--css
index.php
I created assets as suggested on stackoverflow,I wanted to restrict access to downloads so placed .htaccess file in assets folder with the following directive
Deny from all
now its protected but as assets has css files and those are also not accessible too.
Try to put the htaccess file to downloads file
I have a private folder that contains all of the private scripts and resources that I use for my website. I'm using .htaccess in the private folder to
deny from all
which works successfully, giving a 403. However, index.php uses javascripts and css from the private folder which means it's also getting restricted. How do I fix this?
You need to move the JavaScript and CSS files to a public directory so that users can download them so that they can view the web page correctly. If you want, you can disable browsing of the public directory by adding a .htaccess file in that directory with the following content:
Options -Indexes
I have a php file that inherits (includes) another PHP files. All inherited files are located in one folder called "includes". I want to be able to restrict any direct access to this folder. Only PHP files within the server can communicate with the files in the "includes" folder. How can I use .htaccess to accomplish such goal?
FYI, I used the following code and it did not work
Order deny,allow
deny from all
Any help would be appreciated
If you don't have the option of actually moving the "includes" folder outside of the Document Root area, and using the include_path (i.e. you can't get to it from web), then enter
deny from all
in a .htaccess directory in that directory.
However, alternative is to use a DEFINES directive to only allow access to those include programs by specific authorised files. For example, put
<?php defined('ACCESS_ALLOWED') or die('Restricted Access'); ?>
in the top of the include files, and then put
<?php define('ACCESS_ALLOWED', 1); ?>
in the programs that are allowed to include those files.
This will prevent casual GETs to those include files from running them, and will work for any web server, not just those supporting htaccess files.
in your includes/.htaccess :
Order deny,allow
deny from all
You can actually just use an index.php and pass a 404 header using header():
header('HTTP/1.1 404 Not Found', 404);
IMO, this is better than a 403, since it's like the folder doesn't exist. As for the include files, put this line above the first include/require line of the main file:
define('INCLUDED', true);
And on every file in the include directory, put this at top most part.
if (!defined(INCLUDED)) {
header('HTTP/1.1 404 Not Found', 404);
}
You can deny direct access to the folder using the following Directives in htaccess or server.config contex :
Mod-alias based solution
Redirect 403 ^/folder/.+$
This will redirect all files and dirs of /folder/ to 403 forbidden error page.
Mod-rewrite base solution :
RewriteEngine on
RewriteRule ^/?folder/.+$ - [F]
Depending on possible other options set at a higher level you may need to use:
Satisfy all
Order deny,allow
Deny from all
I ran into this when the upper directory defined basic authentication including the line:
Satisfy any
This was preventing my deny from all to take effect because the users were authenticated.