htacess hotlinking question - .htaccess

My htaccess have this code
#
# Apache/PHP settings:
#
Options -Indexes
Options +FollowSymLinks
**# NOT WORKING #
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?yourwebdomain.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?friend1domain.com(/)?.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www.)?friend2domain.com(/)?.*$ [NC]
# NOT WORKING #**
# Set the default handler.
DirectoryIndex index.php
# PHP5, Apache 1 and 2
<IfModule mod_php5.c>
php_value magic_quotes_gpc 0
php_value register_globals 0
php_value session.auto_start 0
php_value memory_limit 128M
php_value output_buffering 4096
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine on
# Modify the RewriteBase if you are using zina in a subdirectory and
# the rewrite rules are not working properly.
#RewriteBase /zina
# Rewrite current-style URLs of the form 'index.php?p=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?p=$1 [L,QSA]
</IfModule>
How do i prevent hotlinking from other site for my mp3 and jpg file?
My url for download mp3 end as http://www.domain.com/music/cat_one/band_name/file_mp3_name.mp3?l=12

You could encapsulate your links to your mp3 and jpg files inside javscript functions. In this way, you do not have a link in html, but a user action (liking clicking on some element) will trigger a javascript which in turn loads the mp3 or jpg via i.e. ajax.
This will stop most hotlinking because the other website would have to emulate a user (which is not impossible, but most often probably not worth the effort).

Related

htaccess - change file dir with filter

I'm currently trying to make a htaccess thing to find the file in new/ if the request uri not contains api or list. I tried to do a thing like this but, it shows 403 error. Are there a easier way to filter, or?
RewriteEngine on
RewriteCond %{REQUEST_URI} /api/ [NC]
RewriteCond %{REQUEST_URI} /list/ [NC]
RewriteRule ^/(.*)$/ new/$1 [L, R]
Full htaccess code
#remove html file extension
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [NC,L]
#remove php file extension
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
#set max post size
php_value memory_limit 2048M
php_value max_execution_time 3000
php_value max_input_time 6000
php_value post_max_size 800M
php_value upload_max_filesize 200M
#Caching schema
<FilesMatch "\.(png|svg|css|eot|ttf|woff|woff2|otf|js|css)$">
Header set Cache-Control "public, max-age=86400000"
</FilesMatch>
DirectoryIndex index.html
#Custom 404 errors
ErrorDocument 404 /404.html
#Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files error_log>
order allow,deny
deny from all
</Files>
#Prevent directory listings
Options All -Indexes
EDIT: With OP's full htaccess file please try following.
#remove html file extension
RewriteEngine on
##For external redirect rule.
RewriteCond %{THE_REQUEST} !\s/(?:api|list).*\s [NC]
RewriteRule ^(.*)/?$ new/$1 [L,R=301]
##For internal redirect rule.
RewriteRule ^new/(.*)/?$ $1 [L,NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)/?$ $1.html [NC,L]
#remove php file extension
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)/?$ $1.php [QSA,NC,L]
#set max post size
php_value memory_limit 2048M
php_value max_execution_time 3000
php_value max_input_time 6000
php_value post_max_size 800M
php_value upload_max_filesize 200M
#Caching schema
<FilesMatch "\.(png|svg|css|eot|ttf|woff|woff2|otf|js|css)$">
Header set Cache-Control "public, max-age=86400000"
</FilesMatch>
DirectoryIndex index.html
#Custom 404 errors
ErrorDocument 404 /404.html
#Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files error_log>
order allow,deny
deny from all
</Files>
#Prevent directory listings
Options All -Indexes
With your shown attempts/rules, could you please try following once. Please make sure to clear browser cache before testing your URLs.
RewriteEngine on
##For external redirect rule.
RewriteCond %{REQUEST_URI} !^/(?:api|list)/? [NC]
RewriteRule ^(.*)/?$ new/$1 [L,R=301]
##For internal redirect rule.
RewriteRule ^new/(.*)/?$ $1 [L,NC]
OR try following rules set: Please make sure try only 1 set at a time, either above OR following.
RewriteEngine on
##For external redirect rule.
RewriteCond %{THE_REQUEST} !\s/(?:api|list).*\s [NC]
RewriteRule ^(.*)/?$ new/$1 [L,R=301]
##For internal redirect rule.
RewriteRule ^new/(.*)/?$ $1 [L,NC]
You may try these rules in your site root .htaccess:
RewriteEngine On
# redirect to /new if not /api, /list, /new and file exists in /new
RewriteCond %{THE_REQUEST} !\s/+(new|api|list)/ [NC]
RewriteCond %{DOCUMENT_ROOT}/new/$0 -f
RewriteRule .* /new/$0 [L,R=301,NE]
## remaining rules go below this line ##
# remove html file extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.*?)/?$ $1.html [L]
# remove php file extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*?)/?$ $1.php [L]
Make sure to test it after clearing your browser cache or test from a new browser.

Redirect HTTP to HTTPS on each and every page of website

I finally installed SSL on my website www.giftdays.jp. it works flawlessly.
It shows green padlock "secured" like I wished for.
But the problem is it only shows on main page. Whenever I access other page such as product page and all, green padlock is gone, and just shows exclamation inside circle. ( It doesn't show NOT SECURED WITH CROSSED HTTPS) .
After opening inspects from chrome, I get MIXED CONTENT error .
This is the exact error.
"Mixed Content: The page at 'https://www.giftdays.jp/products/list.php?mode=search&sps=5' was loaded over HTTPS, but requested an insecure image 'http://www.giftdays.jp/special/list_header/happywedding/images/happywedding.png'. This content should also be served over HTTPS."
Though my site is loaded on HTTPS , why isn't it showing green padlock?
By googling and all, I ended up in stack with someone posting some htaccess post which i added on my htaccess and uploaded on server. Code I added was :
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Yet no changes on other pages of website.
This is what`s inside my htaccess file :
# 基本は SC_Initial.php で設定するが、ini_setで反映されないものはここで設定する
php_value mbstring.language Japanese
php_flag mbstring.encoding_translation off
php_value output_handler none
php_flag magic_quotes_gpc off
php_flag session.auto_start 0
# INI_ALL なのにもかかわらず, ini_set で指定しても反映されない環境がある...
php_value mbstring.internal_encoding UTF-8
# デフォルトテンプレートの状態で 2M 近くになるため
php_value upload_max_filesize 5M
#php_value post_max_size 8M
php_flag register_globals off
RewriteEngine on
Options -Indexes
###################
# メンテナンス中
###################
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/503.php
RewriteCond %{REQUEST_URI} !^/maintenance.html
RewriteCond %{REQUEST_URI} !^/Gds1q2w3eAdmin/
RewriteCond %{REQUEST_URI} !^/user_data/
RewriteCond %{REMOTE_ADDR} !=114.179.83.200
RewriteCond %{REMOTE_ADDR} !=54.250.233.6
RewriteCond %{TIME_YEAR}%{TIME_MON}%{TIME_DAY}%{TIME_HOUR}%{TIME_MIN} >201403311500
RewriteCond %{TIME_YEAR}%{TIME_MON}%{TIME_DAY}%{TIME_HOUR}%{TIME_MIN} <201406011000
RewriteRule ^.*$ /503.php [L]
###################
# 通常使用
###################
RewriteRule ^guide/(.*)$ user_data/guide/$1
RewriteRule ^products/shop_map.php user_data/products/shop_map.php
RewriteRule ^concierge/.* user_data/concierge/$1
RewriteRule ^original/(.*)$ user_data/original_catalog/$1
RewriteRule ^gift/(.*)$ user_data/gift/$1
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#商品ページのURL書き換え
RewriteRule ^gifts/([0-9]+)/$ products/detail.php?product_id=$1 [QSA,L]
RewriteRule ^gifts/([0-9]+)/shop_map.php user_data/products/shop_map.php
#カタログページのURL書き換え
RewriteRule ^catalog/price-([0-9]+)/$ user_data/catalog/list.php?catalog_type_id=1&catalog_id=$1 [QSA,L]
RewriteRule ^catalog/theme-([0-9]+)/$ user_data/catalog/list.php?catalog_type_id=2&catalog_id=$1 [QSA,L]
RewriteRule ^catalog/(.*)$ user_data/catalog/$1
#有効性テスト用
# Redirect /api/ http://www.google.com
#Pマーク指摘対応
RewriteCond %{REQUEST_URI} .*/contact/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/entry/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/gift/.*$ [OR]
RewriteCond %{REQUEST_URI} .*/mypage/.*$
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^(www\.)?giftdays.jp$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
# 404ページ
ErrorDocument 404 /user_data/404.php
Upon investigating more, I found some http inside my templates folder inside ftp. But they are like in many 100+ I guess.Should i go inside one by one and change all to https or is there anything I could do to change all at once?
Thank you
When setting up Apache to send an http request to https, you can't use the rewrite engine. You have to use the Redirect directive.
Probably you already have two VirtualHost blocks setup for http and https. Any request arriving on the http VirtualHost should be redirected to the https URL.

htaccess Rewrite Rule not working without index.php in url

I am using apache2 in ubuntu m/c. I have enabled mod_rewrite and changed Allowoveride All in apache2.conf
Now I am trying to install Bug-Genie application in my server
But following .htaccess rules are not work as excepted.
I can access :
http://localhost/roxsoft/thebuggenie-3.2.6/thebuggenie/**index.php**/wiki
But I can't access : --404 error
http://localhost/roxsoft/thebuggenie-3.2.6/thebuggenie/wiki
Here is my .htaccess file:
# .htaccess file for The Bug Genie
# make sure that magic_quotes and register_globals is always off
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag register_globals off
</IfModule>
# rewrite rules
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Example:
# RewriteBase /
# or
# RewriteBase /dev/thebuggenie
# skip all hidden files (starting with a .)
RewriteCond %{REQUEST_URI} \..+$
RewriteCond %{REQUEST_URI} !\.(html|wsdl|json|xml)$
RewriteRule .* - [L]
# redirect to front controller
RewriteRule ^(.*)$ index.php?url=$1 [NC,QSA,L]
</IfModule>
# Stop people accessing directories they shouldn't have access to
RedirectMatch 403 ^/\.svn(/|$)
Try this:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|assets|images|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L]
Add the folder which contains the JavaScript and CSS to the rewrite condition
Here is the solution I just managed it with. This may help if anyone had a same problem...
I just removed
and added additional conditions in htaccess
here is it:
RewriteCond %{REQUEST_URI} \..+$
RewriteCond %{REQUEST_URI} !\.(html|wsdl|json|xml)$
RewriteCond %{REQUEST_URI} !\.(jpg|png|css|js|php|gif|ttf|woff)$ ---- ADD FILTER CONDITION.
#RewriteRule .* - [L] ---- COMMENT THIS LINE************
# redirect to front controller
RewriteRule ^(.*)$ index.php?url=$1 [NC,QSA,L]

.htaccess - infinite loop

I'm getting an infinite loop on this site - http://www.salesmelbourne.com
below is the .htaccess and I know the problem is in the last 4 lines - well I think so - can some offer some advice... thx
php_value session.gc_maxlifetime 259200
php_flag register_globals off
php_flag zlib.output_compression on
php_flag output_compression_level 6
<Files *>
Header set Cache-Control: "private, pre-check=0, post-check=0, max-age=0"
Header set Expires: 0
Header set Pragma: no-cache
</Files>
# File Upload 25MB
php_value post_max_size 20M
php_value upload_max_filesize 20M
php_value max_execution_time 1000
# use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss .php
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) http://www.%{HTTP_HOST}/$1 [R=301,L]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
RewriteRule . index.php [L]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
RewriteRule . index.php [L]
What line #2 (from the end) does? It is not suppose to work anyway, since URL pattern in RewriteRule starts with NO leading slash, but you have it there (^/ajax/pages/(.*)$).
Since I do not know how that particular rule is expected to be working, there are 2 possible solutions (both will work -- it's all about the aforementioned line -- does it need those 2 conditions to function properly or not):
# I have no idea how this rule is supposed to work, but assume it's the way to go
RewriteRule ^ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
or like this (if those conditions are important for that rule)
# I have no idea how this rule is supposed to work, but assume it's the way to go
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ajax/pages/(.*)$ /www/ajax/pages/404_error.php [R=301]
# Internally redirect all pages to index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]

remove www from https

I'm trying to find a htaccess rewrite to remove www. from https: pages only. Every article I've found removes www for all pages.
What do I need in .htaccess to do this?
https://www.mydomain.com should be https://mydomain.com
https://mydomain.com should remain https://mydomain.com
http://www.mydomain.com should remain http://www.mydomain.com
http://mydomain.com should remain http://mydomain.com
I've been able to get the following working:
RewriteCond %{HTTPS}s ^on(s)|
RewriteCond http%1://%{HTTP_HOST}%{REQUEST_URI} ^(https?://)www\.(.+) [NC]
RewriteRule ^ %1%2 [L,R,QSA]
But this rewrites both https and http
Here is my current .htaccess
SetEnv DEFAULT_PHP_VERSION 5
RewriteEngine on
RewriteOptions MaxRedirects=1
# You may need to uncomment the following line on some hosting environments,
# for example on unitedhosting.co.uk
# RewriteBase /
# The following line has been added in order to exclude the webim
# directory from the LemonStand URL processing.
RewriteCond %{REQUEST_URI} !^/webim
#
# Do not allow executing any PHP scripts
#
RewriteRule ^(.*).php$ index.php [L]
#
# The following section automatically adds a trailing slash to all URLs
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !(\.[a-zA-Z0-9]{1,5}|/)$
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteCond %{REQUEST_METHOD} !^HEAD$
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule (.*)([^/])$ %{REQUEST_URI}/ [R=301,L]
# The following line has been added in order to exclude the webim
# directory from the LemonStand URL processing.
RewriteCond %{REQUEST_URI} !^/webim
#
# Product files downloading URL
#
RewriteRule (^download_product_file/.*) index.php?q=/$1 [L,QSA]
# The following line has been added in order to exclude the webim
# directory from the LemonStand URL processing.
RewriteCond %{REQUEST_URI} !^/webim
#
# Administration Area file downloading URL
#
RewriteRule ls_backend/files/get/(.*) index.php?q=/backend_file_get/$1 [L]
# The following line has been added in order to exclude the webim
# directory from the LemonStand URL processing.
RewriteCond %{REQUEST_URI} !^/webim
#
# All other requests
#
RewriteCond %{REQUEST_URI} !(\.(ico|js|jpg|gif|css|png|swf|flv|txt|xml|xls|pdf|eot|woff|ttf|svg|mp4)$)
RewriteCond %{REQUEST_URI} !(phproad/thirdpart/.*)
RewriteRule ^(.*)$ index.php?q=/$1 [L,QSA]
ErrorDocument 404 "File not found"
#
# PHP configuration
#
<IfModule mod_php5.c>
php_flag session.auto_start off
php_value session.cookie_lifetime 31536000
php_flag session.use_cookies on
php_flag session.use_only_cookies on
php_value session.name FWCSESSID
php_flag short_open_tag on
php_flag asp_tags on
php_flag magic_quotes_gpc off
php_value date.timezone GMT
php_value post_max_size 100M
php_value upload_max_filesize 100M
php_value memory_limit 264M
</IfModule>
RewriteEngine On
# Check that you're on port 443 and the hostname starts with www
RewriteCond %{SERVER_PORT} ^443
RewriteCond %{HTTP_HOST} ^www\.
# Redirect to domain without the www
RewriteRule (.*) https://example.com$1 [L,R,QSA]
This should work:
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://mydomain.com/$1 [R,QSA,L]
If HTTPS is on and HTTP_HOST is www.mydomain.com, then it redirects to https://mydomain.com/.
We can achieve this via apache virtualhost
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://example.com/
</VirtualHost>
<virtualHost *:443>
DocumentRoot /var/www/html/example.com
ServerName example.com
</VirtualHost>
Add one more condition (to your existing redirect rule):
RewriteCond %{HTTPS} ^on$
This will remove www. from both https and http, and without having to add your domain.
# remove www. (generic method with HTTPS support)
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R,L]
Meu arquivo final .htaccess sendo usado dentro de uma pasta e com redirecionamento de https também.
My finishing file .htaccess inner using path url (ex: example.com/intranet):
Options -Indexes
Options +FollowSymLinks
Options -MultiViews
DefaultLanguage pt-BR
ServerSignature Off
DirectoryIndex index.php
RewriteEngine On
# Check that you're on port 443 and the hostname starts with www
RewriteCond %{SERVER_PORT} ^443
RewriteCond %{HTTP_HOST} ^www\.
# Redirect to domain without the www
RewriteRule (.*) https://example.com/intranet/$1 [L,R,QSA]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Resources