this is my first time with editing .htaccess, the situation is that I need to restrict access to a website for anyone except several IP-addresses and redirect others to a specific page. To do that I am using the following code in .htaccess:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !XXX.XXX.XXX.XXX
RewriteRule (.*) index.html [QSA,L]
The problem begins when I change the IP in this file - the background image which is used for the in index.html and stated in its internal css just stops appearing. I have tested this in Chrome and Firefox, in Firefox the background image reappears when the IP is changed to the one I have, in Chrome it doesn't reappear even after the IP changed back. I hope someone will be able to help me.
Best regards.
While rewriting is a powerful technique, it has many caveats and is relatively complex to get right. Here, the solution is not to use mod_rewrite at all. Apache's mod_authz_host module allows you to use the Require directive to specify which IP addresses are allowed to access resources.
If you need to display a specific page in case the Require is not satisfied, just specify an ErrorDocument for the error 403 (forbidden) which will be triggered.
If the error page then needs to access other resources, they need to bypass the IP restriction and be allowed using the Require directive:
Here is how your .htaccess file will look like:
Require ip XXX.XXX.XXX.XXX
ErrorDocument 403 /index.html
<Files "specific_image.png">
Require all granted
</Files>
Note that this causes an internal redirection in Apache.
If you want an external redirection and have the user have the actual index.html file in their browser's address bar, the configuration becomes a little bit more complicated because the file must be specifically allowed:
Require ip XXX.XXX.XXX.XXX
ErrorDocument 403 %{REQUEST_SCHEME}://%{HTTP_HOST}/index.html
<Files "index.html">
Require all granted
</Files>
<Files "specific_image.png">
Require all granted
</Files>
Note the use of variables to avoid hard-coding the absolute URL to the index.html file. Using a complete URL here is necessary to trigger the external redirection.
Related
I am having issues with trying to redirect my website permanently. When I am saying I have issues I mean I haven't got a clue how to redirect my website from http://www.example.com to https://example.com.
I understand html and editing the htaccess file. Can anyone advise how to create a complex redirect like above?
Appreciate any the help.
If you are using WordPress, then I would recommend you to go with a plugin which will be easy too. Install and Activate the Really Simple SSL plugin from Plugins > Add New. The plugin is specially designed for SSL related issues. Now, you have activated the plugin, it's time to configure settings. First of all, you'll see a floating information box on your WordPress admin dashboard. A button will say: Go Ahead, Activate SSL, just click that button and your site will be SSL ready (not fully yet).
Don't panic if the button not appears. You will need to Go to the plugin's settings and you will find the option there.
What you need is a valid SSL Certificate.
Then go to Settings > SSL, and then Settings from the above navigation menu beside Configuration. There you will see an option saying Enable WordPress 301 Redirection to SSL, put it on. Done!
Now, your site will redirect you and your visitors to the HTTPS verison. That's it.
Tip: If you want to redirect the visitors to HTTPS version without a need of the plugin, then follow below steps.
There are two methods to do so. In the Really Simple SSL plugin, in the settings, you will see an option saying Deactivate Plugin and keep SSL. This will do the work for you by disabling itself and not removing the redirect code from .htaccess and wp-config file.
Another method is a little bit complicated but will redirect the whole website to SSL version. Put the given code in the .htaccess file of your website which you can find in your website's root folder by enabling hidden files (access via FTP client or cPanel File Manager or WordPress plugin):
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
I hope the above method worked good for you. If you find any difficulty in any process then kindly respond to this answer.
I was fiddling around with the .htaccess in my web hosting directory, attempting to force HTTPS to my URLs to activate my SSL that comes with Hostgator (which did in fact work), but after changing stuff in there and whenever I try to access my page by simply typing in the URL bar examp.com the browser automatically adds public_html after it, which results in a 404, and only when I remove the public_html part of the URL am I able to access the HTML documents and folders. But if I type https://www.exampe.com THEN it works properly without adding anything. I was unable to find anything regarding this problem and it happens with every browser.
My .htaccess file looks like this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1
Even after removing it the problem persists.
EDIT: The foulder structure is home3/example/.htaccess
EDIT: I should probably mention this, when I originally edited the .htacces file in the first place it was not present, literally nowhere in my hosting directory on Hostgator, not even after checking "Show dotted files", so I ended up creating it manually and then I started fiddling with the code above.
Working with .htacess file has always been a very frustrating experience for me. Someone please help.
This is what I want to achieve:
I am running Ubuntu 14.04.
Redirect my entire site (example.com) to a maintenance.html page.
Block everybody else except one IP, for example, I need to allow only 123.456.789.0
Here are my files:
Location of my index.html is /var/www/html
Location of my maintenance.html is /var/www/html
Location of my .htaccess file is /var/www/html
Contents of My .htaccess file:
#Rewrite to www
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com[nc]
RewriteRule ^(.*)$ http://www.example.com/$1 [r=301,nc]
#301 Redirect Old File
Redirect 301 /index.html /maintenance.html
#Block users by IP
order allow,deny
deny from all
allow from 123.456.789.0
Please help me understand:
Is the location of each of the above files right? In what cases, the
page ends up in 500 internal server error?
What changes should I make in
/etc/apache2/apache.conf
/etc/apache2/sites-enabled/000-default.conf OR
/etc/apache2/sites-available/000-default.conf
Is is necessary to run a2enmod rewrite?
Should I add <IfModule mod_rewrite.c> and </IfModule> as header and footer in any of the above config files?
Sorry for too many questions, but I really want know it all this time.
Thanks in advance.
Is the location of each of the above files right? In what cases, the
page ends up in 500 internal server error?
A "500 Internal Server Error" message means there's an error and you're expected to check the server logs for the exact details. Apache will not display the error message to be seen by everyone.
What changes should I make
It depends on what the problem is. If the problem is "500 Internal Server Error" that means that we still don't know what the problem is.
Is is necessary to run a2enmod rewrite?
That command enables mod_rewrite. You need to enable it if it isn't enabled. You don't need to enable it if it's already enabled.
It's worth noting that this command is not part of official Apache distribution. Some Linux distros (namely Debian and derivatives) change third-party packages to match their configuration preferences, as in this case.
Should I add <IfModule mod_rewrite.c> and </IfModule> as header
and footer in any of the above config files?
As documentation explains, this block can be used to ignore directives when a given module is not installed. This can be useful for configuration templates to be distributed and optional features. In your case, it'll silently ignore your code if mod_rewrite is not available—you don't want that.
Last but not least:
order allow,deny
deny from all
allow from 123.456.789.0
... belongs to the old (and really hard to understand) Apache/2.2 syntax. If you are using Apache/2.4* you may want to try Require.
(*) Some distros hate bundling recent software but 2.4 has been around for several years
Thanks to #OlafDietsche and #ÁlvaroGonzález for this quick help. I am keeping their suggestions here so somebody like me will find it useful.
The problem is with my goals, not with the syntax. With their comments and answers, I came to know that my 2 goals were mutually contradicting ones.
I configured .htaccess to do both page-redirection and IP block. But if I am blocking (almost) everybody from accessing the site, page redirection makes no sense.
The required configuration in .htaccess is:
#Rewrite to www
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com[nc]
RewriteRule ^(.*)$ http://www.example.com/$1 [r=301,nc]
#301 Redirect Old File
Redirect 301 /index.html /maintenance.html
I recently changed my website from static html to Wordpress, and in doing so I've been redirecting all of my former and nonexistent pages with my .htaccess file whenever Google shows me a crawl error. I've been successful in redirecting all crawl errors until today. My old index.html is throwing a crawl error and when I use:
Redirect 301 /index.html http://www.example.com
... I get this from my browser:
Too many redirects occurred trying to open www.example.com. This might occur if you open a page that is redirected to open another page which then is redirected to open the original page.*
I have since removed the above redirect from my .htaccess file and will just live with the crawl error if I can't get this resolved. But I'm thinking somebody knows how to solve this and if so, I'd really appreciate it if you'd let me know how.
You could experience this redirect loop if your DirectoryIndex is set to index.html (as the first option), which is likely to be the default setting on your server.
Basically, when you access a directory, eg. http://example.com/ (the root directory) then the DirectoryIndex directive tells the server which file to serve (via an internal rewrite). eg. http://example.com/index.html. This then seeds the redirect loop.
Since you are using WordPress, you could change this in .htaccess to favour index.php instead. For example, at the top of your .htaccess file:
DirectoryIndex index.php index.html
However, you could also solve this by using mod_rewrite (which is probably preferable). In fact, since WordPress already uses mod_rewrite (eg. RewriteRule directive) then you should also be using mod_rewrite for your redirects, not mod_alias (eg. Redirect directive). You should not mix redirects from both modules in .htaccess since you can easily get conflicts. Different modules execute at different times, regardless of their order in .htaccess.
By using mod_rewrite you can avoid a redirect loop by checking against THE_REQUEST. For example:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html [NC]
RewriteRule ^index\.html$ / [R=301,L]
I have a website thats live and another (for amends/approval) that is in a subdirectory called 'approval'. The idea being that once its approved I replace the live site. Is there a way to restrict access to this directory unless you have a direct link - maybe through .htaccess? Any other suggestions regarding protocol for this scenario? Thanks!
I've tried something with .htacces.
You can make a 403 error page. You can't go to a directory unless you have a link.
Make a .htacces file with the following code:
## Error Page
ErrorDocument 403 /403.html
Options -Indexes
the ## means that the line is hidden, for text
ErrorDocument 403 gives the place of the 403 error file. You can also type this: /errors/403.html
Options -Indexes blocks the directory's
I hope that it works for you