I have important config.json file, contains important data (like database username, password, etc...) and I'm protecting it using htaccess.
Can anyone access this file using any method (like hacking or anything like that)?
Full htaccess code:
<IfModule mod_rewrite.c>
DirectoryIndex index.php index.html
RewriteEngine On
# RewriteBase /
RewriteCond %{HTTP:Authorization} ^(.+)$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)$ index.php [QSA,L]
Options -Indexes
# protect files
<FilesMatch "\.(sql|data|conf|dat|json|inf|info)$">
Order allow,deny
Deny from all
</FilesMatch>
</IfModule>
** Related Info: The server I'm using is apache with PHP code. Also my files is in a shared hosting company. **
Related
I'm trying to set locally a project that run on the web on a NGIX server. This is the htaccess i have downloaded:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /~sitename/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /~sitename/index.php [L]
</IfModule>
I'm trying to run it locally on an Apache server(on mamp) . It have placed the project in a folder on the server root:
http://localhost/sitename/
But i get a blank page.
I can access a specific internal page (and only that one) if i remove the tilde
~
Even without the tilde, i can't access the homepage of the project.
So what i'm doing wrong?
How the tilde works in this context ?
EDIT
my mod_rewrite is loaded/enabled
I have a wordpress installation locatet at /root/website/ and a seperate, non-wordpress subpage at /root/website/subpage/ so I can simply access it by www.domain.com/subpage
I want to have the subpage protected with a htaccess file but I always get a internal server error (500) after entering the login details.
Isn't it possible to have two htaccess files or do I have to edit the Wordpress htaccess file to protect the subpage directory?
My Worpress installation has a htaccess in it's root directory containing:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Then I have the following htaccess in my subpage directory:
AuthType Basic
AuthName "NameHere"
AuthUserFile /root/website/subpage/.htpasswd
Require valid-user
And of course I have set up a htpasswd file using a generator online.
Add to .htaccess file in public_html or publicDirectory:
You can set what directory do you want allowed, with example from below:
<Directory /root/website>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all
</Directory>
<Directory /root/website/subpage>
AuthType Basic
AuthName "NameHere"
AuthUserFile /root/website/subpage/.htpasswd
Require valid-user
</Directory>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This is code from my .htaccess file
AddDefaultCharset UTF-8
Options -Indexes
# blocks direct access to the XML files - they hold all the data!
<Files ~ "\.xml$">
Order allow,deny
Deny from all
Satisfy All
</Files>
<Files sitemap.xml>
Order allow,deny
Allow from all
Satisfy All
</Files>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.mywebsite.co.uk$ [NC]
RewriteRule ^(.*)$ http://mywebsite.co.uk/$1 [R=301,L]
# Usually it RewriteBase is just '/', but
# replace it with your subdirectory path
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule /?([A-Za-z0-9_-]+).html$ index.php?id=$1 [QSA,L]
Most of it was previously generated not by me, and that's may be the problem i cannot understand it. I wanted to remove .html from mywebsite.co.uk/promotions.html.
I have tried adding, deleting lines and searched for answers for a long time and i still get nothing. Everything i get is sth like: mywebsite.co.uk/?id=promotions which is even worse. Actually i am newbie with htaccess and most of this code is more or less magic for me. I would be happy to get some help.
You need to do it like this
RewriteCond /%{REQUEST_FILENAME}.html -f
RewriteRule ^([a-zA-Z0-9_-\s]+)/$ /$1.html
I'm trying to strip all index.html file & extension exactly like my index.php rule works.
Meaning that instead of
www.discretix/modules-hdcp/index.html
There should be
www.discretix/modules-hdcp/
It works for index.php but in index.html it Doesn't.
I'm using wordpress and my server is apache.
These are my htaccess rules:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /~discretix/
RewriteRule ^index\.php$ - [L]
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /~discretix/index.php [L]
</IfModule>
The following rule will redirect the user from either index.html or index.php to the folder (this will be reflected in the clients browser address bar) using a 301 redirect (moved permanently), you might want to change this to 302 redirect (originally temporary redirect, but now commonly used to specify redirection for unspecified reason)
RewriteBase /~discretix/
RewriteRule ^index\.(html|php)$ ./ [R=301,L]
HI, I have a mod_rewrite in my .htaccess file that is reformatting address. I already have one exception that will keep .cfg files free from the rewrite, I'm trying to do that same with .html files that contain the word "client" but have had no luck trying a number of different approaches. I'm out of my depths with .htaccess stuff unfortunately.
Here is the file currently:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule \.cfg$ - [L]
RewriteRule client - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php
</IfModule>
Any help would be greatly appreciated!
Change the client line to:
RewriteRule client(.*?)\.html - [L,NC]