Archive for category Apache
Convert htaccess.txt into a .htaccess in Joomla!
Posted by admin in HTTP Server on October 19, 2009
When using PHP as an Apache module, you can change the configuration settings using directives in Apache configuration files (e.g. httpd.conf and .htaccess files). You will need “AllowOverride Options” or “AllowOverride All” privileges to do so. If you control your own Apache configuration, you can and should use httpd.conf. If you do not control your Apache configuration (such as on a shared hosting server), you must use .htaccess files.
Directions
1. First look for the file, htaccess.txt in your root directory. It should have been installed during the Joomla! installation. (Note that this file name does not begin with a dot.) Open and carefully read htaccess.txt. It contains important suggestions on how to protect your site.
2. Make any adjustments to this file as appropriate for your site, and then save it in your site’s home directory as, .htaccess including the dot.
3. Test your site’s front end and back end. If it produces errors, rename the file back to htaccess.txt, and troubleshoot your edits. If you are unable to get this working, you may have to leave the file named htaccess.txt.
4. Use phpinfo() to ensure that all configurations set as you intended. Note: Web-accessible files that include phpinfo() are potential security risks they offer attackers lots of useful information about your server. Always remove such files after use.
htaccess Permalink mod_rewrite
Posted by admin in HTTP Server on February 3, 2009
This article teaches you how to create a simple htaccess file to make permalink using mod_rewrite. To make PHP permalink or permanent link using Apache HTTP Server’s mod_rewrite is easy. Below is an example to make http://mysite/products.php?section=games&file=hoopy look like http://mysite/products/games/hoopy.html
1. create a .htaccess file using text editor
2. add in the code below:
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^products/([^/]+)/([^/]+).html /products.php?section=$1&file=$2 [NC]
3. save and close the file.
4. put the file under the root of your domain server
And now it’s done! Hope this helps! :)
Htaccess Redirect From subdirectory to subdomain
Posted by admin in HTTP Server on January 23, 2009
Use htaccess, you can redirect a subdirectory to subdomain, for instance: http://www.mydomain.com/info to http://info.mydomain.com.
In the example below, anything at highub.com/blog will be redirected to blog.highub.com:
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^highub.com [NC]
RewriteRule ^(.*)$ http://www.highub.com$1 [L,R=301]
RedirectMatch 301 ^/blog/(.*)$ http://blog.highub.com/$1
Apache htaccess Prevent Users from Uploading and Executing Files
Posted by admin in HTTP Server on June 1, 2008
There are times we want to prevent users from uploading PHP files to an unload area and then executing them. Any time you permit the uploading of files to any portion of your website, someone will attempt to take advantage of this to exploit your server. It’s inevitable, and you need to take proactive steps to prevent this from causing damage to your server.
The technique supplied here will work for a variety of different file types once you understand why it works. In particular, you want to prevent PHP files from being uploaded, because these files might contain malicious code.
RewiteEngine On
RewriteCond %{REQUEST_METHOD} ^PUT$ [OR]
RewriteCond %{REQUEST_METHOD} ^MOVE$
RewriteRule ^/files/(.*)\.php /files/$1.nophp
Files that are uploaded to the /files section of our website (you’ll need to modify this to point to whatever portion of your site where you’re permitting upload) with a .php file extension are created instead with a .nophp file extension, rendering them inoperable. Likewise, if someone attempts to rename an existing file to have a .php extension, this rename operation will result in the file being renamed to have a .nophp extension instead. Many well-known exploits involve this type of two-step attack, where a file is first uploaded and then executed. Preventing the initial upload goes a long way toward completely blocking these types of attacks.
htaccess Conditional Loop Redirect
Posted by admin in HTTP Server on May 27, 2008
Like the ‘if’ statement in many programming languages, you can use conditional rule to control mod_rewrite redirect. One very common use for RewriteCond is to prevent looping.
The following rule set causes any request starting with home to be redirected to /home.html. The resulting URL, however, starts with home and will therefore trigger the RewriteRule to be run again. The RewriteCond directive ensures that the rule will be skipped if the request is already for home.html and thus avoids this looping.
RewriteCond %{REQUEST_URI} !^/home\.html
RewriteRule ^home /home.html [R]
Useful mod_rewrite Resources
Posted by admin in HTTP Server on May 26, 2008
There are many free and useful mod_rewrite resources online.
Regex Tools
If you’re going to spend more than just a little time messing with regexes, you’re eventually
going to want a tool that helps you visualize what’s going on. There are a number of
them available, each of which has different strengths and weaknesses. You’ll find that
most of the really good tools for regular expression development come out of the Perl community, where regular expressions are particularly popular and tend to get used in
almost every program.
Regex Coach, which is available for Windows and Linux, and can be downloaded from http://www.weitz.de/regex-coach/. Like Rebug, Regex Coach allows you to step through a regular expression and watch what it does and does not match. This can be extremely instructive as you learn to write your own regular expressions.
Reference Sources
Because mod_rewrite is built on top of the Perl Compatible Regular Expression (PCRE) vocabulary, it is god to take a look at the Perl regular expression documentation, which you can find online at http://perldoc.perl.org/perlre.html or by typing perldoc perlre at your command line, and the PCRE documentation, which you can find online at http://pcre.org/pcre.txt.
Create Custom Error Pages Using htaccess PHP
Posted by admin in HTTP Server, PHP Core on May 11, 2008
Human creations are like ourselves – imperfect. The occurrence of error, whether caused by the surfer or by programmer, is inevitable. But it’s our job to do the damage control, the best thing to do when an error occurs is to redirect browsers that experience a 404 error (Not Found) to the file “error.php” located on the root of the server. With a little PHP coding you can set up this file to handle all error codes which will make them easier to manage.
The complete (and very long) list of errors is available here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Some of the most common errors you’ll probably want to make entries for are:
400 – Bad Request
401 – Unauthorized
403 – Forbidden
404 – Not Found
500 – Internal Server Error
.htaccess
To catch those errors, you would add the following to .htaccess for the domain you’d like to configure:
ErrorDocument 400 /error.php ErrorDocument 401 /error.php ErrorDocument 403 /error.php ErrorDocument 404 /error.php ErrorDocument 500 /error.php
error.php
Then, in error.php, add something like the following. This particular example is made for a wordpress site, and if someone goes to http://www.example.com/Foo and the page’s not found, they are redirected to the search result page http://www.example.com/index.php?s=Foo. Anything after the last “/” is assumed to be a search term they were trying to get to.
<!--p
// this is especially useful with error 404 to indicate the missing page.
$page_redirected_from = $_SERVER['REQUEST_URI'];
$server_url = "http://" . $_SERVER["SERVER_NAME"] . "/";
$redirect_url = $_SERVER["REDIRECT_URL"];
$redirect_url_array = parse_url($redirect_url);
$end_of_path = str_replace("/", "", $redirect_url_array["path"]);
switch(getenv("REDIRECT_STATUS"))
{
# "400 - Bad Request"
case 400:
$error_code = "400 - Bad Request";
$explanation = "The syntax of the URL submitted by your browser could not be understood.";
$explanation .= "Please verify the address and try again.";
$redirect_to = "";
break;
# "401 - Unauthorized"
case 401:
$error_code = "401 - Unauthorized";
$explanation = "This section requires a password or is otherwise protected.";
$explanation .= "If you feel you have reached this page in error, ";
$explanation .= "please return to the login page and try again, ";
$explanation .= "or contact the webmaster if you continue to have problems.";
$redirect_to = "";
break;
# "403 - Forbidden"
case 403:
$error_code = "403 - Forbidden";
$explanation = "This section requires a password or is otherwise protected.";
$explanation .= "If you feel you have reached this page in error, ";
$explanation .= "please return to the login page and try again,";
$explanation .= " or contact the webmaster if you continue to have problems.";
$redirect_to = "";
break;
# "404 - Not Found"
case 404:
$error_code = "404 - Not Found";
$explanation = "The requested resource '" . $page_redirected_from . "'";
$explanation .= " could not be found on this server.";
$explanation .= "Please verify the address and try again.";
$redirect_to = $server_url."?s=". $end_of_path;
break;
# "500 - Internal Server Error"
case 500:
$error_code = "500 - Internal Server Error";
$explanation = "The server experienced an unexpected error.";
$explanation .= "Please verify the address and try again.";
$redirect_to = "";
break;
}
-->
<!--CTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dt-->
<!--p
if (strcmp($redirect_to, "") != 0)
{
-->
<!--p
}
-->
<h1>Error Code <!--p print ($error_code);--></h1>
The <a href="http://en.wikipedia.org/wiki/Uniform_resource_locator">URL</a> you requested was not found. <!--P echo($explanation);-->
<strong>Did you mean to type <a href="http://www.blog.highub.com/wp-admin/%3C?php print ($redirect_to); ?>"><!--p print ($redirect_to);--></a>?</strong>
You will be automatically redirected there in five seconds.
You may also want to try starting from the home page: <a href="http://www.blog.highub.com/wp-admin/%3C?php print ($server_url); ?>"><!--p print ($server_url);--></a>
<hr />
<em>A project of <a href="http://www.blog.highub.com/wp-admin/%3C?php print ($server_url); ?>"><!--p print ($server_url);--></a>.</em>
htaccess Require the www For Domain URL
Posted by admin in HTTP Server on May 4, 2008
While some people prefer to not use “www” in their web site URL, some prefer that it always be there. Either way, it can sometimes be useful to have a single canonical name by which your site can be accessed.
To force the use of “www” when viewers are reading your site, you can use the following mod_rewrite rule in your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.net$ [NC]
RewriteRule ^(.*) http://www.example.net/$1 [L,R]
This will ensure that anyone just typing your domain name in their browser ends up with the full name instead.
Reasons for Requiring WWW
Many domains offer a variety of services across many different hosts. These hosts are usually referenced using the server’s fully-qualified domain name (FQDN). This name takes the form of host.domain. So in the FQDN foo.example.net, you can see that the host “foo” is part of the “example.net” domain.
By convention, the web server hosting the main site for a domain can be referenced by using the hostname “www” (which is itself usually an alias, or CNAME record, to the servers actual FQDN). If you want to see the main site for example.net, a good bet would be to try going to www.example.net. Other services are generally offered using the same naming convention. Our example domain’s mail server might be mail.example.net, while their FTP server might be ftp.example.net.
Configuring your web server to also answer to just “example.net” is often done as a convenience for users or as a way to shorten your URL. There is no requirement that this shortcut work and, while most domains do utilize this, many do not.
Notes
While most domains configure their main web server to answer to both forms, most do not bother with this type of redirection from one to the other. Ultimately, as long as the content served is the same, it doesn’t usually matter what name is used to get to a given site.
One consideration when deciding whether to redirect “example.net” to “www.example.net” (or vice-versa) is that of Search Engine Optimization (SEO). Many search engines blacklist sites that “mirror” their site (have the same content at multiple URLs) under different domains and/or sub-domains. Spiders may not blacklist for a “www” mirror, but better to play it safe by picking one and redirecting the other to it.
There was a small movement at one time to get people to use “web” instead of “www” in their site names, thinking that it makes just as much sense and it’s easier to say “web.example.net” instead of “www…”
htaccess Remove the www From Domain URL
Posted by admin in HTTP Server on May 4, 2008
Some web developers prefer to remove the “www” from their website domain URL. Although I am personally skeptical about this practice. There are supporter for this practice, the general reasons for removing “www”, to quote from www. is deprecated, the inspiration for this article:
“By default, all popular Web browsers assume the HTTP protocol. In doing so, the software prepends the “http://” onto the requested URL and automatically connect to the HTTP server on port 80. Why then do many servers require their websites to communicate through the www subdomain? Mail servers do not require you to send emails to recipient@mail.domain.com. Likewise, web servers should allow access to their pages though the main domain unless a particular subdomain is required. Succinctly, use of the www subdomain is redundant and time consuming to communicate. The internet, media, and society are all better off without it.”
To automatically remove the www from the beginning of your domain, add the following mod_rewrite rule to your .htaccess file. If you don’t have that file, create it in a text editor and upload it to your root directory. The code assumes your domain is called example.com, so you will need to change it to match your domain:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,L]
Many web evangelist companies like Google and Yahoo still keep the www. To adopt this practice or not is totally up to you. If you have any better idea to use or not to use this, feel free to let me know!
htaccess Permanently redirect file or directory
Posted by admin in HTTP Server on May 1, 2008
If you would like to redirect your files or directories, but are worried about search engines or favorites that are linked to your old files or directories, add the following example to the .htaccess file. Just replace the filename and extension with your own.
Redirect permanent /filename.html http://www.example.com/filename.php
Redirect permanent /shell/install-ubuntu/ http://www.blog.highub.com/linux/install-ubuntu/
The first line above will redirect a link from filename.html to the new filename.php. The second line redirect directory. I believe it is required to have the entire http: protocol for the new file.
-
You are currently browsing the archives for the Apache category.
Translator
By N2H
