I have a site with a virtual directory structure like mysite.com/folder/title which is actually a .htaccess rewrite to mysite.com/f/index.php?p=title. I want to password protect the folder folder with .htaccess, and know how to do that with actual folders. But I don't want to password protect the main site mysite.com, and right now if I put the .htaccess file in the mysite.com directory, I am protecting mysite.com and mysite.com/folder. I have also tried protecting mysite.com/f.
How can I protect only mysite.com/folder using .htaccess?
EDIT: Added .htaccess contents of mysite.com.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^folder/(.*)$ /f/index.php?p=$1 [PT,L,QSA]
RewriteRule ^folder/*$ /f/index.php [L,QSA]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
.htaccess file I tried in mysite.com/f This successfully protects the entire site when moved to mysite.com, so I know the path is correct. When it is in the subdirectory it generates a 404 error and not a password prompt.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/myusername/.htpasswd
require valid-user
Old thread is old...
Stumbled across this while having a similar issue, password protecting a subdomain while keeping the main site without.
The solution was easier than I originally made it out to be.
In the document_root/.htaccess, domain.com/wiki was redirecting to domain.com/w (because that's cleaner? lol):
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
In document_root/wiki/.htaccess the wiki directory was password protected:
AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/user/.htpasswds/public_html/wiki/passwd"
require valid-user
I simply added this line to the top of document_root/.htaccess so it reads:
AuthType None
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]
domain.com is no longer password protected and domain.com/wiki redirects as intended and with password protection.
Hope it helps someone else.
One thing that works (but isn't the most elegant solution) is to actually create a folder named "folder" (or whichever virtual folder you're trying to password-protect) and put the .htaccess into it.
Assuming you are using Apache 2.2
... and, that your server is running on a machine to which you do not have permission to modify the server configuration
... then, create: mysite.com/f/.htaccess with the rule you desire.
A good discussion of when to use this and when not to can be found here.
Related
my domain
example.com
I want install Laravel to subfolder
example.com/my_app
when I pass the link
example.com/my_app/public - I see page "You have arrived", but I want see this page without segment "public".
I want make something like I do when I use Laravel not in subfolder, like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I edited .htaccass file in base folder (example.com) :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/my_app
RewriteRule ^(.*)/$ my_app/public/$2 [L,R=301]
</IfModule>
after this when I pass at example.com/my_app/ I redirects to example.com/my_app/public and I see page "You have arrived", but this is redirect (R=301) and if I delete flag R=301 - I see page with "Whoops, looks like something went wrong."
I am three days looking solutions in this website, but ...
tell me what am I doing wrong.
Thank.
The entry point for all requests to a Laravel application is the public/index.php.
for further info you can go to this link.
Assuming you are using Apache, You would need to configure virtual host for this as you would need to point example.com/my_app to your laravel/public/index.php. directory.
I know very little about symfony framework. I copied a website www.example.net to www.example.com site works with url www.example.com/www/app.php or even with www.example.com/www/ but I want it to redirect automatically to app.php without showing it in the url. My htaccess in the www (web) directory is as follows:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]
<IfModule>
It doesn't redirect.
Thanks
In your Vhost:
Change this line (Directory section):
AllowOverride None
to:
AllowOverride All
Instead of that rule can you try:
RewriteBase /www/
RewriteRule ^((?!app\.php).*)$ app.php/$1 [NC,L]
Sorry I can't test with Symphony as I am not near my home computer.
A bit late to this game but I just found an Apache directive that saves so much time and makes your htaccess cleaner. The only caveat is you must have Apache 2.2.16+. To have all urls except valid files (images, etc) use app.php as a front controller use the FallbackResource directive.
<Directory "/web/symfony-project">
FallbackResource /app.php
</Directory>
I have a site that has an admin page (eg admin.php) that is normally accessed via mydomain.com/admin.php
What I was hoping to be able to do is to use htaccess to map
"admin.mydomain.com" to "mydomain.com/admin.php" in such a way that the user would never know that it was a 'file'.
That is, if someone externally tried to access "mydomain.com/admin.php", I want it to 404.
Now, for the even hard part: the admin.php page will want to serve links as "/admin.php?param=value", etc and so I'd need to look at the referrer (???) to let this work as expected.
can htaccess do this? Any idea on where to start?
If you have set up a record for admin.mydomain.com with the same IP Address as mydomain.com as well as the same DocumentRoot,
Then this can be done like this in your .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
RewriteCond %{HTTP_HOST} ^(admin\.) [NC]
RewriteRule ^ %1php [L]
RewriteCond %{REQUEST_URI} admin\.php$ [NC]
RewriteRule ^ - [R=404,L]
I don't really understand what you are trying to do (or really why you absolutely need to have the page mydomain.com/admin.php).
If you are trying to "hide" it from the users, why not actually create a subdomain, place the file in the subdomain, implement security on the entire subdomain and then there is no need for messing around with redirections, referrers or query strings.
For security you might want to do something like this:
In your .htaccess put:
AuthUserFile /path/to/htpasswd/file/.htpasswd
AuthGroupFile /dev/null
AuthName "MyDomain Admin Area"
AuthType Basic
require valid-user
Create the file .htpasswd using a generator such as this
Then you will have no need to hide the page from the user because without the correct username and password, they will get a 403.
i have two domains setup one called fastcms.com and the other is called fastautos.com.
fastautos.com is based in the /home/speedycm/public_html/fastautos/ directory on my fastcms.com server (acting as an add on domain)
the problem i'm having now is that i want to allow users to use the fastautos.com website but continue to restrict usage to the fastcms.com website (password request).
currently both sites ask for a passsword. i only want it to ask for a password on the fastcms.com website.
this is my htaccess file at the moment!
RewriteEngine on
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/fastcm/public_html/.htpasswd
require valid-user
RewriteCond %{HTTP_HOST} ^fastautos.co.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www.fastautos.co.uk$
RewriteRule ^/?$ "http\:\/\/fastcms\.co\.uk\/fastautos\/" [R=301,L]
please help! many thanks in advance
If my memory is good, you can put the AuthType etc into a Directory section, that is applied to one directory only.
Also, if you have not denied it, you can create .htaccess file within directories of each of your site the override general settings.
I think I know how to hide the files but how do I use mod_rewrite to allow only the web service to be called in the same directory?
Here is the directory/file structure
/var/www/html/xmlrpc/xmlrpc.server.php
/var/www/html/xmlrpc/xmlrpc.client.php
/var/www/html/xmlrpc/xmlrpc.class.php
/var/www/html/xmlrpc/xmlrpc.ini
/var/www/html/xmlrpc/logs
Important note: /var/www/html/xmlrpc/logs has 777 permission
before you start harping on me I plan to move this into a non public directory and give the correct permissions. But I was asked to see if I could hide it with the .htaccess file.
.htaccess
AuthType Basic
AuthName "My hidden files"
AuthBasicProvider file
AuthUserFile /var/www/html/xmlrpc/.pswds
Require valid-user
.pswds
user:5/abcde1abcdE
Also I'm a newbie with mod_rewite/mod_alias and need this URL:
http://127.0.0.1/xmlrpc/xmlrpc.server.php
to be this:
http://127.0.0.1/xmlrpc/v1/
How does one do this?
Also on know on the virtual host setup in Apache you can set the log file paths/names, can this be done from the .htaccess file as well?
Examples are welcome as this is a learning experience for me as well.
Ah mod_rewrite. Try this in the xmlrpc directory:
RewriteEngine On
RewriteRule ^v1/$ xmlrpc.server.php [L]
Some questions though - does xmlrpc.server.php take any get parameters? Can you guarantee that the url will always include a trailing slash?
To enforce a trailing slash as well as some other stuff, try this:
# Allows direct linking to files
RewriteCond %{REQUEST_FILENAME} !-f
#Checks if the url is missing a slash, if so, evaluate rule below
RewriteCond %{REQUEST_URI} !(.*)/$
RewriteRule ^(.*)$ http://127.0.0.1/$1/ [L,R=301]
The last rule will have to be adjusted depending on where you put the .htaccess file. If it's at the root, then it will work for all lower directories. If it's in the xmlrpc folder, then you can leave off the localhost.
Also remember to restrict access to the .htaccess file:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Someone else will have to answer the other questions - not as familiar with that.