I have a .htaccess with Rewrite rules:
RewriteEngine On
RewriteRule ^admin/.*$ - [L]
RewriteRule !\.(gif|jpg|png|css|js|ico|htc|txt|swf|pdf)$ index.php
ErrorDocument 404 /404.php
#AddHandler php5-script .php
Options -Indexes
Basicly, it sends all files to index.php except the /admin/ folder and the file types above. It works just fine, but i needed to protect the /admin/ folder with .htaccess:
AuthName "Area Admin"
AuthUserFile "/path/to/folder/passwd/"
AuthType Basic
require valid-user
When i protect the folder, /admin/ stops working and starts throwing 404. If i remove it it works just fine.
Add the .htaccess in the admin folder root with your permissions. This way it will exclude itself from your main .htaccess file and ask for credentials if you were to hit that folder.
Related
I'm kinda new to htaccess, I'm trying to block everything but index.php, the folder public and the files it contain. I have googled around and got this so far. Its kinda working but it looks like the webserver dont have access to the files either. It opens index.php but no css,js or php files are included. I can also go to domain.com/folder/ and get to the index page but its empty i would want it to redirect to index.php if possible. And i also have no clue about how to open the public folder while everything else above is set.
AuthType Basic
order allow,deny
<Files ~ "^(index\.php|)$">
Allow from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
DirectoryIndex index.php
Replace all of your code with this mod_rewrite rule in your site root .htaccess:
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(?:index\.php$|public/|.+\.(?:jpe?g|gif|png|ico|tiff|css|js)$) [NC]
RewriteRule . - [F]
This rule will block everything except public/ folder, index.php or any other file ending with .css, .js, images etc.
I have a webserver with an the followinf structure :
www
---diceroller
------web
I would like to redirect any request incoming to /diceroller to /diceroller/web, so the users don't have to type the /web in URL.
At the root of my server is a .htaccess containing the following elements :
Options -Indexes
ErrorDocument 404 /permalien.php
AddType text/cache-manifest .appcache
I tried to use the following .htaccess placed in the diceroller forlder, but I hit a 403 :
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^diceroller/(.*)$ /diceroller/web/$1 [R=301,NC,L]
Could someone help me to figure this out ?
RewriteRule's pattern is relative to your current directory. So if your htaccess is located in /diceroller , you have to remove that from the pattern, try the following instead
RewriteRule ^((?!web).*)$ /diceroller/web/$1 [L,R]
I'm looking for a way I could hide directory (giving 404 instead of it) before user logging in.
For example, I have directory /admin and directory /login
And I want that the user which go on the first address - will see 404 page.
But, if he goes first at second page, he will see basic auth dialog and if he type correct login data - he will be redirected to first directory and see actually admin panel.
How to do this, could you tell me please? I've tried various combinations (including symlinks) but all I get - accessible /admin directory, if it was password protected (if not - it correctly redirects to 404, no matter with RewriteRule or RedirectMatch).
RedirectMatch 404 ^/admin(/?|/.*)$
RewriteRule .* - [E=AUTH:%{HTTP:Authorization}]
<Files login>
AuthUserFile /www/.passwd
AuthName PROXY
AuthType Basic
Require valid-user
</Files>
RewriteCond %{AUTH} !=""
RewriteRule .* login
Not working (getting 404 continuously).
RedirectMatch 404 ^/admin(/?|/.*)$
RewriteRule ^login/(.*) admin/$1
RewriteCond %{THE_REQUEST} ^GET\ /admin/
RewriteRule ^admin/(.*) /login/$1 [L]
Not working while .htaccess is present in admin directory (otherwise it became unprotected).
This is my application skeleton:
application
controllers
backend
[backend_controllers_here]
[frontend_controllers_here]
models
[shared_models_for_both_backend_and_frontend]
views
backend
[backend_views_here]
[frontend_views_here]
...
system
index.php
.htaccess
This is my .htaccess file content:
Options -Indexes
Options +FollowSymLinks
# Set the default file for indexes
# DirectoryIndex index.php
<IfModule mod_rewrite.c>
# activate URL rewriting
RewriteEngine on
# do not rewrite links to the documentation, assets and public files
RewriteCond $1 !^(images|assets|uploads|captcha)
# do not rewrite for php files in the document root, robots.txt or the maintenance page
RewriteCond $1 !^([^\..]+\.php|robots\.txt)
# but rewrite everything else
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 index.php
</IfModule>
It's nothing wrong when I type on address-bar something like these (for frontend):
mysite.local
mysite.local/index.php
mysite.local/index.php/frontend_controller
mysite.local/frontend_controller
But for backend I had a 403 error when try to access:
mysite.local/backend
mysite.local/backend/some_backend_controller
However, with index.php in URL everything is fine.
mysite.local/index.php/backend
mysite.local/index.php/backend/some_backend_controller
Am I missing something here?
Thanks for your time!
check the permission for the backend folder. it maybe prevents the webserver from reading the actual content of the directory.
The permission should allow reading for everyone
What does your config/routes.php look like? Might try something like this:
$route['backend'] = "backend/controller/method";
I'm having a small problem with my htaccess files. Currently, it redirects everything back to index.php for processing, except when someone tries to access an actual directory. When the directory exists, it displays the 403 error page instead of rewriting the path to index.php like it's supposed too. What can I modify to make it always go to index.php when the files are accessed via the internet, but still load the correct files in PHP on the server?
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
ErrorDocument 403 /index.php?403
ErrorDocument 404 /index.php?404
ErrorDocument 414 /index.php?414
RewriteCond %{HTTP_HOST} !^$ [NC]
RewriteRule !^(.*) index.php [L]
Sample file structure:
Web Directory
- com
- source
- index.php
- TEST.HTML
The folders such as 'com' and source' will display the 403 because the user doesn't have access to them. The files such as 'index.php' and 'TEST.HTML' execute normally. I want my htaccess to redirect everything in the Web Directory folder back to the index.php file, no matter what.
I think you want this instead:
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
ErrorDocument 403 /index.php?403
ErrorDocument 404 /index.php?404
ErrorDocument 414 /index.php?414
RewriteCond %{REQUEST_URI} !^/index.php
RewriteRule .* index.php [L]
This was on the assumption that you didn't want to be able to access TEST.HTML directly and didn't want to change the URL in the user's browser. If either of those assumptions were wrong, let me know and I'll update the answer with the appropriate rewrite information.