Absolute URL in 100s of files rewrite - html

I have created a dump from WayBack Machine so that a client can view his older site in order to create content plan. I loaded the backup to /~xxxxxxxx/ but as all the css and js in 100s of files are coded as follows:
<link href="/skins/FixedSize/styleSheets/style.css"
This results in 404 because the /~xxxxxx/ is ignored.
I have tried the following but no luck.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .? /~xxxxxxxx/ [R=301,L]
I need a way to achieve this without modifying 470 HTML files.

This probably is what you tried to express:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?(.*)$ /~xxxxxxxx/$1 [END,QSA]
However you should be aware that this might be in conflict with other content you publish on that http host. There probably is a reason why you created that folder in the first place instead of using a hosts DOCUMENT_ROOT which would have prevented the current issue.
Which leads to an alternate suggestion: why don't you simply use a separate http host, so another "subdomain" as it is sometimes called?
Anyway, if you want to give above implementation a try, then please also note these additional hints:
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Related

How to access folder files located from other domain folder located inside the public-html?

I want to access the image folder which is located in (e.g "example.com/images/one.jpg").
I have created the subdomain named (e.g "subdomain.example.com").
Both domain folders are in same public_html.
How i can authoize my subdomain, which can access files using htaccess rules or anything else. i tired this "../../" before file name, but not working.
Note: i dont want to put a whole path to access the files from root domain, such as https://......
Thanks
Browsers deal in URLs, not the paths on your filesystem.
It sounds like you have configured your server so that the images are only available on example.com and are not available on subdomain.example.com.
You therefore need to tell the browser to access the images from the other hostname.
src="//example.com/images/one.jpg"
If you have a domain.com and sub.domain.com, these are two completely different paths. You cannot get data from each other using reference as path like '../images/foo.png'.
In this case, you have to put all the path https://www.sub.domain.com/images/foo.png. This is the same way you need to do when uses a subdomain as resource in order to decrease the number of request in your website for images and sources in general.
I did a little bit of server configuration in the .htaccess file. I write the rule that no image can be publicly accessible. but I want to authorize my subdomain which can access the image URL.
:
Note: both domains are in the same public_html directory
You would seem to require an exception for the subdomain and block other hostnames?
It's a bit of a guess how you are currently doing this - either with mod_authz_core and a <FilesMatch> container perhaps? Or using mod_rewrite? Or an Apache <If> expression??
You could do something like the following using mod_rewrite, near the top of the root .htaccess file to block access to all images, except when accessed via the subdomain.
RewriteEngine On
# Block (403 Forbidden) all image requests unless accessed through the subdomain
RewriteCond %{HTTP_HOST} !^subdomain\.example\.com
RewriteRule \.(jpe?g|png|webp|gif)$ - [F]
Now, a request of the form https://example.com/images/one.jpg will be blocked, but https://subdomain.example.com/images/one.jpg will be accessible.
i dont want to put a whole path to access the files from root domain
But you will need to use an absolute (or protocol-relative) URL to access the files from the subdomain.
UPDATE:
Current rules in my parent domain "example.com"
RewriteCond %{HTTP_REFERER} !^https://example.com/ [NC]
RewriteRule \.(gif|jpg|jpeg|png|mp4|mov|mkv|flv|svg)$ - [F,L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Ah, so you've implemented a form of hotlink protection! In that case you would seem to just need to modify the first condition to allow requests from the subdomain as well. For example:
RewriteCond %{HTTP_REFERER} !^https://(subdomain\.)?example.com/
To allow requests from both example.com and subdomain.example.com. The NC flag should be omitted. All browsers will lowercase the hostname in the request.
No other rules are required to "allow" access. You do not need to use the absolute URL to access these resources - since that does not appear to be what you are blocking. You simply need to be able to access these resources from another host (ie. the subdomain).
In summary:
RewriteEngine On
# Hotlink protection
RewriteCond %{HTTP_REFERER} !^https://(subdomain\.)?example.com/
RewriteRule \.(gif|jpg|jpeg|png|mp4|mov|mkv|flv|svg)$ - [F]
# HTTP to HTTPS redirect
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The L flag is not required with the F flag, since it is implied.
The ^(.*)$ is unnecessary since the backreference is not being used. Simply having ^ is sufficient and more efficient - to be successful for everything without having to actually match everything.

Redirect a webpage to some other webpage using .htaccess beased on User Agent

I'm making an Android app (can't publish it to Play Store because my parents won't let me pay the developer fee) and so, I want the users to be able to check for app updates from within the app.
I have thought of my own way for that because I wasn't able to implement the other ways I found on the internet.
Now, I have a version checking page: "https://app.brokenhearts.ml/check-update.html".
Also, there's an download update page: "https://app.brokenhearts.ml/updated.html".
I've set a custom User Agent to the app "Broken Hearts/1.0". That's working fine as of now, as when websites are loaded from the app they're displaying that custom user agent. I'll be updating the User Agent of the app with every version (for example, app version 2.0 will have the User Agent "Broken Hearts/2.0").
So, whenever a user will check for update, the app is going to load "https://app.brokenhearts.ml/check-update.html" in the webview (with the User Agent "Broken Hearts/1.0"). Now when that's the latest update, I won't have added any special .htaccess rules to redirect it and so, the app will normally load "https://app.brokenhearts.ml/check-update.html". But, suppose I release v2.0, the users still on v1.0, will still be having their user agents set to "Broken Hearts/1.0", and thus, when checking for the update, they shall be redirected to "https://app.brokenhearts.ml/updated.html".
So, basically, whenever I release an update to the app, I'll be updating its User Agent and changing the .htaccess to redirect the users from the old user agent to the "download update page". So, users from any other user agent should remain unaffected and should be able to load the "version checking page" normally.
All of this is going to be based on User Agent and .htaccess. I think it's possible, however, I'm just not able to make the correct .htaccess code.
EDIT: I tried to use this code, I kind of found from Apache docs and modified it as per my needs:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} "^(Broken Hearts/1\.0)$"
RewriteRule "^/check-version\.html" /updated.html [R=301,]
However, it gives HTTP error 500.
Well, I found a solution!
I created a folder called "update" and placed the .htaccess in it. Modified it as folows:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} "^(Broken Hearts/1\.0)$"
RewriteRule ^$ https://app.brokenhearts.ml/updated.html [R,L]
RewriteRule ^$ https://app.brokenhearts.ml/check-version.html [L]
And I pointed the update checker in the app to https://app.brokenhearts.ml/update/.
So, now, if the user agent matches my custom one, it's getting redirected correctly to updated and if it's the latest one, it's getting redirected to the check version as expected.
Now, whenever I'll publish an update, I'll have to modify the .htaccess when the new rule as follows:
Suoopse, I've posted v3.0 update and users are still using 1.0 and 2.0, then my new .htaccess will be:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} "^(Broken Hearts/1\.0)$"
RewriteRule ^$ https://app.brokenhearts.ml/updated.html [R,L]
RewriteCond %{HTTP_USER_AGENT} "^(Broken Hearts/2\.0)$"
RewriteRule ^$ https://app.brokenhearts.ml/updated.html [R,L]
RewriteRule ^$ https://app.brokenhearts.ml/check-version.html [L]
I have tried it and it works. Posted it just hoping some other day it might help someone else.

Whatever I do, .htaccess won't do the job

Working with .htacess file has always been a very frustrating experience for me. Someone please help.
This is what I want to achieve:
I am running Ubuntu 14.04.
Redirect my entire site (example.com) to a maintenance.html page.
Block everybody else except one IP, for example, I need to allow only 123.456.789.0
Here are my files:
Location of my index.html is /var/www/html
Location of my maintenance.html is /var/www/html
Location of my .htaccess file is /var/www/html
Contents of My .htaccess file:
#Rewrite to www
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com[nc]
RewriteRule ^(.*)$ http://www.example.com/$1 [r=301,nc]
#301 Redirect Old File
Redirect 301 /index.html /maintenance.html
#Block users by IP
order allow,deny
deny from all
allow from 123.456.789.0
Please help me understand:
Is the location of each of the above files right? In what cases, the
page ends up in 500 internal server error?
What changes should I make in
/etc/apache2/apache.conf
/etc/apache2/sites-enabled/000-default.conf OR
/etc/apache2/sites-available/000-default.conf
Is is necessary to run a2enmod rewrite?
Should I add <IfModule mod_rewrite.c> and </IfModule> as header and footer in any of the above config files?
Sorry for too many questions, but I really want know it all this time.
Thanks in advance.
Is the location of each of the above files right? In what cases, the
page ends up in 500 internal server error?
A "500 Internal Server Error" message means there's an error and you're expected to check the server logs for the exact details. Apache will not display the error message to be seen by everyone.
What changes should I make
It depends on what the problem is. If the problem is "500 Internal Server Error" that means that we still don't know what the problem is.
Is is necessary to run a2enmod rewrite?
That command enables mod_rewrite. You need to enable it if it isn't enabled. You don't need to enable it if it's already enabled.
It's worth noting that this command is not part of official Apache distribution. Some Linux distros (namely Debian and derivatives) change third-party packages to match their configuration preferences, as in this case.
Should I add <IfModule mod_rewrite.c> and </IfModule> as header
and footer in any of the above config files?
As documentation explains, this block can be used to ignore directives when a given module is not installed. This can be useful for configuration templates to be distributed and optional features. In your case, it'll silently ignore your code if mod_rewrite is not available—you don't want that.
Last but not least:
order allow,deny
deny from all
allow from 123.456.789.0
... belongs to the old (and really hard to understand) Apache/2.2 syntax. If you are using Apache/2.4* you may want to try Require.
(*) Some distros hate bundling recent software but 2.4 has been around for several years
Thanks to #OlafDietsche and #ÁlvaroGonzález for this quick help. I am keeping their suggestions here so somebody like me will find it useful.
The problem is with my goals, not with the syntax. With their comments and answers, I came to know that my 2 goals were mutually contradicting ones.
I configured .htaccess to do both page-redirection and IP block. But if I am blocking (almost) everybody from accessing the site, page redirection makes no sense.
The required configuration in .htaccess is:
#Rewrite to www
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com[nc]
RewriteRule ^(.*)$ http://www.example.com/$1 [r=301,nc]
#301 Redirect Old File
Redirect 301 /index.html /maintenance.html

WordPress JSON API returns only 404 errors

I'm brand new to Wordpress and I would like to use the JSON API plugin.
So I put it in my plugin repository and I activated it but when I try to display the Json response by accessing the http://localhost/wordpress/wp-json/posts url I get a 404 error.
I'm probably missing something but according to the documentation it should be that simple. Any idea of what am I doing wrong?
It is an mod_rewrite issue.
Reason is one of these in your .htaccess:
not existing
wrong permissions
screwed up
Try the htaccess documentation on Wordpress for your .htaccess:
## BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Old question and answer, but for anyone coming here recently via search results (like me), /wp-json/posts should at least bring a JSON result (albeit still a 404 error), and /wp-json should list some available routes in JSON.
If it doesn't (e.g. it shows an Apache or other 404 error page), it's probably a permalinks issue
You have the wrong address. According to the documentation, the following are valid links:
Implicit mode examples:
http://www.example.org/?json=1
http://www.example.org/?p=47&json=1
http://www.example.org/tag/banana/?json=1
Explicit mode examples:
http://www.example.org/?json=get_recent_posts
http://www.example.org/?json=get_post&post_id=47
http://www.example.org/?json=get_tag_posts&tag_slug=banana
With user-friendly permalinks configured:
http://www.example.org/api/get_recent_posts/
http://www.example.org/api/get_post/?post_id=47
http://www.example.org/api/get_tag_posts/?tag_slug=banana
Source: https://wordpress.org/plugins/json-api/other_notes/
So in your case you should use http://localhost/wordpress/api/get_recent_posts/
/wp-json/elementor/v1/globals - 404 error
Just update the plugin if any update is available and deactivate it first and then re-activate it again. The problem will be solved.
When we activate the Elementor plugin then this plugin creates some essential files for editing, so when we will re-activate it then it will re-create all essential files and our problem will be solved. Thanks
It may depend on whether you have NGinx or Apache.
On some hosts with Plesk if Nginx is used, Plesk does not create or re-create the .htaccess file, but for WP it must be present.
If it's not there, just recreate it with the standard WP settings https://wordpress.org/support/article/htaccess/ as mentioned in one of the previous answers.
A workaround (insecure) is to create directories and files /wp-json/elementor/v1/globals with {} like Json standard, elementor will work the same, but I don't recommend doing that.

Server side changes in Angular html5 mode

I was wondering if any one can tell me what are the server side changes which needs to be done when you change your mode in to html5 in Angular js. because When I did tried to change the it to html 5 mode I was unable to go in to my inner html pages. in Angular API it says that suers need to do a server side changes as well.
what are the server side changes
do we need to do any other changes as well ?
You should distinguish two type of calls:
HTML calls from the browser. These should be all remapped to serve your index or whatever.
JSON API requests. These should pass through to your app server.
How to distinguish between these two types of calls, and how to remap the former, depends strongly on your setup.
If you are using nginx, for instance, a combination of checking $http_accept to be application/json (see http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Requests and http://wiki.nginx.org/HttpCoreModule#.24http_HEADER) and rewrite (http://wiki.nginx.org/HttpRewriteModule#rewrite) you can achieve what you want.
You need to setup your server to rewrite everything to index.html per: https://github.com/angular-ui/ui-router/wiki/Frequently-Asked-Questions#how-to-configure-your-server-to-work-with-html5mode ...
<VirtualHost *:80>
ServerName my-app
DocumentRoot /path/to/app
<Directory /path/to/app>
RewriteEngine on
# Don't rewrite files or directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# Rewrite everything else to index.html to allow html5 state links
RewriteRule ^ index.html [L]
</Directory>
</VirtualHost>
My app has params passed to a controller (via ui-router) so before html5mode I would goto
www.blah.com/angapp/#/myUIrouterController?param_x=1&param_y=2
Guessing browsers know that /#/ folder path part should serve index.html.
Now that # would be gone with html5mode, the server by default doesn't know to serve the index.html for that folder since the url will just be:
www.blah.com/angapp/myUIrouterController?param_x=1&param_y=2
myUIRouterController isn't a real file so the server would just serve a 404, Hence why I think the rewrites are needed so it knows to send everything to index.html (so above in combo with the <base> tag should work... note: requireBase is optional but heard it helps older browsers like IE9 maybe).