URL rewrites

[JunkMale]

I have been bangin my head on this for a couple of months.

I have been to the apache site on the subject of URL rewriting and read and read until I am nearly blind and I still havent a clue.

The server I am on is an Apache 2 on a Linux install and it is a shared host.

The host provide a widgit to put in to play .htaccess and .htpasswd files to restrict access to folders. The host also confirms that the particular Apache engine is the 2.0 engine.

I want to take "ANY" request for .php and .db files in a folder called "data" to be rewritten to the site root so that the request serves up a new URL and the site loads.

http://my.website.com/data/{adbname}.db

where {adbname} is a random set of letters or numbers

I have tried looking at the REQUEST_URI to match ^/data/ or ^/data/*.\.php as well as ^data/[a-z0-9]+\.db or a straight forward ^\.php and ^\.db look for the extentions and then redirect.

Simply put, its still allowing download of the .db files stored in the folder. Something that I am trying to prevent.

I have lost count of the number of sites that profess to help and TBH, as a beginner in theis URL rewriting game, help is very very thin on the ground, thes sites are either "baby talk" or "Uber geek" and no happy medium nor do any of the sites so far give any practical examples of real working .htaccess.

Even trying examples, they are not working.

I have asked the host several times now and I think that they are getting fed up of me asking them to check the config for the server.

Any .htaccess & .htpasswd files written by the web host CGI program work fine. When I upload a file I have written... flat on its face.

Can some one give me an example of what I need to be looking at?

[JunkMale]

Well this is completely retarded way of offering support to people, the "link" to the support forum does not go anywhere except the page I am currently viewing in FAQ's on the Apache site and trying to sign up to a mailing list for support... They don't have any support for .htaccess.

How is someone supposed to get this stuff running if both avenues of support are fruitless?

Seriously, can anyone see anything wrong with the following? Which I might add is taken right out of the Apachee site and modded for my needs.

RewriteEngine On
RewriteBase /data/
RewriteCond %{REQUEST_URI} ^\.db [NC]
RewriteRule ^(.*)$ ^/index.php [NC,L]

the .htaccess which currently asks for a password login works fine, when I add this in its place, the access to the file is still allowed and it appears that it does not matter what I put, even forcing everything requested in to a index.php file within the same folder has no effect at all.

Ideas?

[Scleppel]

You want /directory/anything.db and /directory/anything.php to be rewritten to /?

Try the following in a .htaccess file in /directory

Code:

Options +FollowSymLinks

RewriteEngine On

RewriteRule ^.+\.(db|php)$ / [QSA,L]

Seriously, can anyone see anything wrong with the following? Which I might add is taken right out of the Apachee site and modded for my needs.

RewriteEngine On
RewriteBase /data/
RewriteCond %{REQUEST_URI} ^\.db [NC]
RewriteRule ^(.*)$ ^/index.php [NC,L]

The %{REQUEST_URI} variable for the URL http://www.example.com/directory/fil...b&c=d#fragment would be "/directory/file.ext".
^ means "the beginning".
^\.db cannot match the REQUEST_URI because it means "begins with .db" and the REQUEST_URI always begins with a /.
The substitution part of the RewriteRule (the second part) should not be a regular expressions (^/index.php should be /index.php).

[JunkMale]

Thanks for the input.

All I am looking to do is to do this for one particular directory

Code:

RewriteEngine On
RewriteRule ^.*$ / [R]

and this will match any request for this particular directory and Rediredct to the site root.

[Scleppel]

Is it working?

You could use RedirectMatch in a .htaccess file in your document root

Code:

RedirectMatch 302 ^/directory(/.*)?$ /

[JunkMale]

Yep, thanks.

I have a few rules I want to put in place. I installed a CMS tool for a friend to use and TBH the security is a bit lax and I want to beef it up a bit and force people in to using the correct URL.

What the web stats are showing is that the URL for the edit page (which serves up the site as well) is being requested more than the site index page. the site is getting around 25,000 hits a month and I would like the requests to stop requesting the edit page URL and push them on to the site root.

Would this force any request for admin.php that does not arrive on edit. subdomain get rewritten to the site root?

Code:

Options +FollowSymLinks
RewriteEngin On
RewriteCond %{HTTP_HOST} !^edit\.(.*) [NC,C]
RewriteCond %{REQUEST_URI} ^admin.php [NC]
RewriteRule ^edit\.$1 / [L]

[Scleppel]

There are a few errors with what you have.

%{REQUEST_URI} starts with a slash.
C(hain) is not a RewriteCond flag.
A RewriteRule matches a similar part of the URL to the value of REQUEST_URI. It does not include the HTTP_HOST (the (sub) domain name). In a .htaccess file it is the path relative to the directory that the .htaccess file is in. So if it's /abc/.htaccess and the URL is http://www.example.com/abc/def/ghi.jkl?mno=pqr the RewriteRule would match "def/ghi.jkl".

Try

Code:

Options +FollowSymLinks

RewriteEngin On

RewriteCond %{HTTP_HOST} !^edit\.example\.com$ [NC]
RewriteRule ^admin\.php$ http://www.example.com/? [R=301,L]

[JunkMale]

I stuffed this in my friends site root

Code:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^edit\. [NC]
RewriteCond %{REQUEST_URI} ^/admin.php [NC]
RewriteRule ^.*$ / [R]

and it appears to work.

if I go to http://edit.mydomain.tld/admin.php I get the admin page, if I go to http://mydomain.tld/admin.php I get pushed to http://mydomain.tld/

Problem is, query string is appended if one exists and was wondering if a little trick is up your sleve to remove it.

I tested login and it worked, the URL has ?do=login appended to the admin.php but if I edit out the URL and request http://mydomain.tld/admin.php?do=login I get pushed on to http://mydomain.tld/?do=login but its the index.php page

I need to remove any query string for this part of a rule.

Any ideas?

[JunkMale]

I just noticed some weird side effect as well, especially when logging out, the edit. portion of the URL remains, that needs to be removed.

Any ideas as I tried testing for a URL that begins with edit. and does not conatain admin.php and to rewrite the hostname to http://mydomain.tld/ but it wasn't working and I have no idea why?

Code:

RewriteCond %{HTTP_HOST} ^edit\.(.*)/$ [NC]
RewriteCond %{REQUEST_URI} !^/admin.php [NC]
RewriteRule ^.*$ http://$1/ [R]

[Scleppel]

I need to remove any query string for this part of a rule.

Add a ? or an empty query string.

I just noticed some weird side effect as well, especially when logging out, the edit. portion of the URL remains, that needs to be removed.

$n from RewriteRules, %n from RewriteConds.

Code:

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_HOST} !^edit\.(example\.com)$ [NC]
RewriteRule ^admin\.php$ http://%1/? [R=301,L]

[JunkMale]

OK, thanks, your help is appreciated.

Not allot I can do ATM as my friend is on his site.

L8rz.

[JunkMale]

OK, I have been playing around with this and the logic is sound but the results are problematic.

Code:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^edit\. [NC]
RewriteCond %{REQUEST_URI} ^/admin\.php [NC]
RewriteRule ^.*$ / [R]
RewriteCond %{HTTP_HOST} ^edit\. [NC]
RewriteCond %{REQUEST_URI} !^/admin\.php [NC]
RewriteRule ^.*$ / [R]

But, this is giving the server a headache I think. The above rule is, when you look long and hard at it several things in a few lines. You poke these URL requests for example

Request : http://edit.yourdomain.tld/admin.php
Result : http://edit.yourdomain.tld/admin.php

Request : http://yourdomain.tld/admin.php
Result : http://yourdomain.tld/

Request : http://edit.yourdomain.tld/
Result : http://yourdomain.tld/

Request : http://yourdomain.tld/anything/goes.php
Result : http://yourdomain.tld/anything/goes.php

Request : http://edit.yourdomain.tld/anything/goes.php
Result : http://yourdomain.tld/anything/goes.php

I am not getting the results I would expect. Links and other link dependent things fail like css & images fails to load as soon as you request the edit.yourdomain.tld/admin.php. Any suggestions on what to do about testing if the request is a real image regardless of the requesting URL?

The idea behind the logic is looking for specific subdomain and admin page request, if either fail the match, the URL is to be left untouched.

what have I forgot?

[JunkMale]

Maybe:

RewritRule .* - [L]

at the end.

I found an intresting site that gives good examples that are easily understood so I hope to have this nut cracked soon. Cheers for your help Scleppel, it was useful.

[Scleppel]

Code:

# If the request isn't for /admin.php (including CSS, images, JavaScript, etc.)
RewriteCond %{REQUEST_URI} !^/admin\.php [NC]

You could ignore existing files with

Code:

RewriteCond %{SCRIPT_FILENAME} !-f

or all .css, .js, etc. files

Code:

RewriteCond %{REQUEST_URI} !^/.+\.(css|js|etc.)$ [NC]

Code:

Options +FollowSymLinks

RewriteEngine On

RewriteCond %{HTTP_HOST} !^edit\.exmaple\.com$ [NC]
RewriteRule ^admin\.php$ http://www.exmaple.com/? [R=301,L]

RewriteCond %{HTTP_HOST} ^edit\.exmaple\.com$ [NC]
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule !^admin\.php$ http://www.exmaple.com/? [R=301,L]