Search the Community
Showing results for tags '.htaccess'.
-
How might I hide some/all images in a private Processwire installation used for note-taking? Acceptance criteria * Hidden image file url is never accessible * Hiding images per page is preferred (as opposed to hiding all pages for the site via .htaccess or similar) Suggested solutions (that I currently don't know how to implement): * ProcessWire module controls output of image files * PHP file to control image output ("/img.php?file=img_1234.png")? * .htaccess hinder external access to all image files (will work as a last resort) The Processwire installation in question is being used for personal purposes (think Notion.os, Evernote, etc.).
- 8 replies
-
- images
- permission denied
-
(and 1 more)
Tagged with:
-
Hello everyone, I am a newbie in the world of website editing and I have been given a task to figure out how to redirect a long list of some old client's web pages which give 404 error. We have been able to redirect about two thirds of url's by using php database. Unfortunately the rest does not work, using php, due to containing special characters and the command I have tried to generate for couple of web pages, using the tool https://websiteadvantage.com.au/HtAccess-301-Redirect-Generator#heading-ToolResult is not working using the .htaccess file. Would anyone be able to help with the following example? 1) https://www.berlitzpraha.cz/en/eshop/individual-language-courses?orderby=product_name ... to be redirected to https://www.berlitzpraha.cz/en/language-courses-berlitz-shop-online/individual-language-courses-3 command generated with the tool (not working): RewriteEngine On RewriteCond %{QUERY_STRING} ^orderby=product_name$ [NC] RewriteRule ^en/eshop/individual-language-courses$ https://www.berlitzpraha.cz/en/language-courses-berlitz-shop-online/individual-language-courses-3? [R=301,NE,NC,L] 2) http://www.berlitzpraha.cz/cs/skupinove-kurzy-jazyku/hledani/zkouset/function.implode ... to be redirected to https://www.berlitzpraha.cz/cs/skupinove-jazykove-kurzy-pro-firmy/ command generated with the tool (not working): RewriteEngine On RewriteCond %{HTTP_HOST} ^www\.berlitzpraha\.cz$ [NC] RewriteCond %{QUERY_STRING} ^$ RewriteRule ^cs/skupinove-kurzy-jazyku/hledani/zkouset/function\.implode$ https://www.berlitzpraha.cz/cs/skupinove-jazykove-kurzy-pro-firmy/? [R=301,NE,NC,L] 3) https://www.berlitzpraha.cz/en/language-courses-berlitz-shop-online/virtual-language-courses?orderby=product_sku&showall=1 ... to be redirected to https://www.berlitzpraha.cz/en/virtual-language-courses-shop-online/virtual-language-courses-4 RewriteEngine On RewriteCond %{QUERY_STRING} ^orderby=product_sku&showall=1$ [NC] RewriteRule ^en/language-courses-berlitz-shop-online/virtual-language-courses$ https://www.berlitzpraha.cz/en/virtual-language-courses-shop-online/virtual-language-courses-4? [R=301,NE,NC,L] Thank you very much in advance. Petra
-
Hi, I'm not sure what has gone wrong but after adding a few lines for webp to my .htaccess my site no longer works properly. I reversed it but there may have been another version of .htacess on the site which I've now overwritten. Note: After some checking: It doesn't seem to be rendering the templates. Eg: / = (should use template home.php) /about/ = (uses template page.php) For example putting "die;" in the home.php does nothing on the live server. Basically, it doesn't render the content block and spits out "default content" It is working perfectly on my local server with the same .htaccess file. $config->useMarkupRegions = true; I do not know what to do and I'd be grateful for help. This is my site: https://greglumley.com I've changed "default content" to a more friendly message. And here is my .htaccess ################################################################################################# # START PROCESSWIRE HTACCESS DIRECTIVES # @version 3.0 # @htaccessVersion 301 ################################################################################################# # # Upgrading htaccess (or index) version 300 to 301 # ----------------------------------------------------------------------------------------------- # If you never modified your previous .htaccess file, then you can simply replace it with this # one. If you have modified your .htaccess file, then you will want to copy/paste some updates # to the old one instead: # If your htaccess/index version is 300, upgrade to this version by replacing all of sections #5 # and #15 (Access Restrictions). Also take a look at section #9, which you might also consider # replacing if using HTTPS, though it is not required. (For instance, HSTS might be worthwhile) # # Following that, optionally review the rest of the file to see if there are any other changes # you also want to apply. Sections tagged "(v301)" are new or have significant changes. # # When finished, add a line at the top identical to the "htaccessVersion 301" that you see at # the top of this file. This tells ProcessWire your .htaccess file is up-to-date. # # Resolving 500 errors # ----------------------------------------------------------------------------------------------- # Depending on your server, some htaccess rules may not be compatible and result in a 500 error. # If you experience this, find all instances of the term "(500)" in this file for suggestions on # things you can change to resolve 500 errors. # # Optional features # ----------------------------------------------------------------------------------------------- # Many of the rules in this .htaccess file are optional and commented out by default. While the # defaults are okay for many, you may want to review each section in this .htaccess file for # optional rules that you can enable to increase security, speed or best practices. To quickly # locate all optional rules, search this file for all instances of "(O)". # # If using a load balancer # ----------------------------------------------------------------------------------------------- # If using a load balancer (like those available from AWS) some htaccess rules will need to # change. Search this file for instances of "(L)" for details. # # ----------------------------------------------------------------------------------------------- # 1. Apache Options # # Note: If you experience a (500) error, it may indicate your host does not allow setting one or # more of these options. First try replacing the +FollowSymLinks with +SymLinksifOwnerMatch. # If that does not work, try commenting them all out, then uncommenting one at a time to # determine which one is the source of the 500 error. # ----------------------------------------------------------------------------------------------- # Do not show directory indexes (strongly recommended) Options -Indexes # Do not use multiviews (v301) Options -MultiViews # Do follow symbolic links Options +FollowSymLinks # Options +SymLinksifOwnerMatch # Character encoding: Serve text/html or text/plain as UTF-8 AddDefaultCharset UTF-8 # ----------------------------------------------------------------------------------------------- # 2. ErrorDocument settings: Have ProcessWire handle 404s # # For options and optimizations (O) see: # https://processwire.com/blog/posts/optimizing-404s-in-processwire/ # ----------------------------------------------------------------------------------------------- ErrorDocument 404 /index.php # ----------------------------------------------------------------------------------------------- # 3. Handle request for missing favicon.ico/robots.txt files (no ending quote for Apache 1.3) # ----------------------------------------------------------------------------------------------- <Files favicon.ico> ErrorDocument 404 "The requested file favicon.ico was not found. </Files> <Files robots.txt> ErrorDocument 404 "The requested file robots.txt was not found. </Files> # ----------------------------------------------------------------------------------------------- # 4. Protect from XSS with Apache headers # ----------------------------------------------------------------------------------------------- <IfModule mod_headers.c> # prevent site from being loaded in an iframe on another site # you will need to remove this one if you want to allow external iframes Header always append X-Frame-Options SAMEORIGIN # To prevent cross site scripting (IE8+ proprietary) Header set X-XSS-Protection "1; mode=block" # Optionally (O) prevent mime-based attacks via content sniffing (IE+Chrome) # Header set X-Content-Type-Options "nosniff" </IfModule> # ----------------------------------------------------------------------------------------------- # 5. Prevent access to various types of files (v301) # # Note that some of these rules are duplicated by RewriteRules or other .htaccess files, as we # try to maintain two layers of protection when/where possible. # ----------------------------------------------------------------------------------------------- # 5A. Block access to inc, info, info.json/php, module/php, sh, sql and composer files # ----------------------------------------------------------------------------------------------- <FilesMatch "\.(inc|info|info\.(json|php)|module|module\.php|sh|sql)$|^\..*$|composer\.(json|lock)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny </IfModule> </FilesMatch> # 5B. Block bak, conf, dist, ini, log, orig, sh, sql, swo, swp, ~, and more # ----------------------------------------------------------------------------------------------- <FilesMatch "(^#.*#|\.(bak|conf|dist|in[ci]|log|orig|sh|sql|sw[op])|~)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny </IfModule> </FilesMatch> # ----------------------------------------------------------------------------------------------- # 6. Override a few PHP settings that can't be changed at runtime (not required) # Note: try commenting out this entire section below if getting Apache (500) errors. # ----------------------------------------------------------------------------------------------- <IfModule mod_php5.c> php_flag magic_quotes_gpc off php_flag magic_quotes_sybase off php_flag register_globals off </IfModule> # ----------------------------------------------------------------------------------------------- # 7. Set default directory index files # ----------------------------------------------------------------------------------------------- DirectoryIndex index.php index.html index.htm # ----------------------------------------------------------------------------------------------- # 8. Enable Apache mod_rewrite (required) # ----------------------------------------------------------------------------------------------- <IfModule mod_rewrite.c> RewriteEngine On # Send WEBP images for JPG or PNG when supported and available. # This means that a request for a JPG or PNG file will instead deliver # WEBP data, but only when the browser supports and understands it. # RewriteCond %{HTTP_ACCEPT} image/webp # RewriteCond %{REQUEST_FILENAME} -f # RewriteCond %{DOCUMENT_ROOT}/$1$2$3/$4.webp -f # RewriteCond expr "! %{QUERY_STRING} -strmatch 'nc=*'" # RewriteRule ^(.*?)(site/assets/files/)([0-9]+)/(.*)\.(jpe?g|png)(.*)$ /$1$2$3/$4.webp [L] # 8A. Optionally (O) set a rewrite base if rewrites are not working properly on your server. # ----------------------------------------------------------------------------------------------- # In addition, if your site directory starts with a "~" you will most likely have to use this. # https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase # Examples of RewriteBase (root and subdirectories): # RewriteBase / # RewriteBase /pw/ # RewriteBase /~user/ # 8B. Set an environment variable so the installer can detect that mod_rewrite is active. # ----------------------------------------------------------------------------------------------- # Note that some web hosts don't support this. If you get a (500) error, try commenting out this # SetEnv line below. <IfModule mod_env.c> SetEnv HTTP_MOD_REWRITE On </IfModule> # ----------------------------------------------------------------------------------------------- # 9. Optionally Force HTTPS (O) # ----------------------------------------------------------------------------------------------- # Note that on some web hosts you may need to replace %{HTTPS} with %{ENV:HTTPS} in order # for it to work (in sections 9A and 9D below). If on a load balancer or proxy setup, you will # likely need to use 9B rather than 9A, and 9E rather than 9D. # ----------------------------------------------------------------------------------------------- # 9A. To redirect HTTP requests to HTTPS, uncomment the lines below (also see note above): # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTPS} !=on # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # 9B. If using load balancer/AWS or behind proxy, use the following rather than 9A above: (L) # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP:X-Forwarded-Proto} =http # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # 9C. If using cPanel AutoSSL or Let's Encrypt webroot you may need to MOVE one of the below # lines after the first RewriteCond in 9A or 9B to allow certificate validation: # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$ # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ # 9D. Store current scheme in a 'proto' environment variable for later use # ----------------------------------------------------------------------------------------------- RewriteCond %{HTTPS} =on RewriteRule ^ - [env=proto:https] RewriteCond %{HTTPS} !=on RewriteRule ^ - [env=proto:http] # 9E. If using load balancer/AWS or behind proxy, use lines below rather than 9D: (L) # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP:X-Forwarded-Proto} =https # RewriteRule ^ - [env=proto:https] # RewriteCond %{HTTP:X-Forwarded-Proto} =http # RewriteRule ^ - [env=proto:http] # 9F. Tell web browsers to only allow access via HSTS: Strict-Transport-Security (O) (v301) # ----------------------------------------------------------------------------------------------- # This forces client-side SSL redirection. Before enabling be absolutely certain you can # always serve via HTTPS because it becomes non-revokable for the duration of your max-age. # See link below for details and options (note 'max-age=31536000' is 1-year): # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security <IfModule mod_headers.c> # Uncomment one (1) line below & adjust as needed to enable Strict-Transport-Security (HSTS): # Header always set Strict-Transport-Security "max-age=31536000;" # Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains" # Header always set Strict-Transport-Security "max-age=31536000; preload" # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" </IfModule> # Section 10 intentionally omitted for future use # ----------------------------------------------------------------------------------------------- # 11. Nuisance blocking/firewall # ----------------------------------------------------------------------------------------------- # None of these are enabled by default, but are here for convenience when the need arises. # Review and uncomment as needed. For more complete firewall (and more overhead), the 7G firewall # (or latest version) is worth considering, see: https://perishablepress.com/7g-firewall/ # ----------------------------------------------------------------------------------------------- # 11A. Block via IP addresses # ----------------------------------------------------------------------------------------------- # Note that IP addresses here are examples only and should be replaced with actual IPs. # Block single IP address # Deny from 111.222.333.444 # Block multiple IP addresses # Deny from 111.222.333.444 44.33.22.11 # Block IP address ranges (999.88.*, 99.88.77.*, 1.2.3.*) # Deny from 999.888 99.88.77 1.2.3 # 11B. Block via request URI (matches strings anywhere in request URL) # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_URI} (bad-word|wp-admin|wp-content) [NC] # RewriteRule .* - [F,L] # 11B. Block via user agent strings (matches strings anywhere in user-agent) # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP_USER_AGENT} (bad-bot|mean-bot) [NC] # RewriteRule .* - [F,L] # 11C. Block via remote hosts # ----------------------------------------------------------------------------------------------- # RewriteCond %{REMOTE_HOST} (bad-host|annoying-host) [NC] # RewriteRule .* - [F,L] # 11D. Block via HTTP referrer (matches anywhere in referrer URL) # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP_REFERER} (bad-referrer|gross-referrer) [NC] # RewriteRule .* - [F,L] # 11E. Block unneeded request methods (only if you do not need them) # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] # RewriteRule .* - [F,L] # 11F. Limit file upload size from Apache (i.e. 10240000=10 MB, adjust as needed) # ----------------------------------------------------------------------------------------------- # LimitRequestBody 10240000 # ----------------------------------------------------------------------------------------------- # 12. Access Restrictions: Keep web users out of dirs or files that begin with a period, # but let services like Lets Encrypt use the webroot authentication method. # ----------------------------------------------------------------------------------------------- RewriteRule "(^|/)\.(?!well-known)" - [F] # ----------------------------------------------------------------------------------------------- # 13. Optional domain redirects (O) # # Redirect domain.com to www.domain.com redirect (or www to domain.com redirect). # To use, uncomment either 13A, 13B or 13C. Do not use more than one of them. 13A and 13B # redirect non-www hosts to www.domain.com, 13C redirects www.domain.com host to domain.com. # ----------------------------------------------------------------------------------------------- # 13A. Redirect domain.com and *.domain.com to www.domain.com (see also 13B as alternate): # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteCond %{SERVER_ADDR} !=127.0.0.1 # RewriteCond %{SERVER_ADDR} !=::1 # RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # 13B. Alternate www redirect if 13A does not work for your server: # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP_HOST} !^www\. [NC] # RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # 13C. Redirect www.domain.com to domain.com (do not combine with 13A or 13B): # ----------------------------------------------------------------------------------------------- # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L] # ----------------------------------------------------------------------------------------------- # 14. Optionally send URLs with non-ASCII name-format characters to 404 page (optimization). # # This ensures that ProcessWire does not spend time processing URLs that we know ahead of time # are going to result in 404s. Uncomment lines below to enable. (O) # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_URI} "[^-_.a-zA-Z0-9/~]" # RewriteCond %{REQUEST_FILENAME} !-f # RewriteCond %{REQUEST_FILENAME} !-d # RewriteRule ^(.*)$ index.php?it=/http404/ [L,QSA] # ----------------------------------------------------------------------------------------------- # 15. Access Restrictions (v301) # ----------------------------------------------------------------------------------------------- # 15A. Keep http requests out of specific files and directories # ----------------------------------------------------------------------------------------------- # Prevent all the following rules from blocking images in site install directories RewriteCond %{REQUEST_URI} !(^|/)site-[^/]+/install/[^/]+\.(jpg|jpeg|png|gif|webp|svg)$ # Block access to any htaccess files RewriteCond %{REQUEST_URI} (^|/)(\.htaccess|htaccess\..*)$ [NC,OR] # Block access to various assets directories RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) [NC,OR] # Block access to the /site/install/ directories RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/install($|/.*$) [NC,OR] # Block dirs in /site/assets/dirs that start with a hyphen (see config.pagefileSecure) RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets.*/-.+/.* [NC,OR] # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, /wire/index.config.php, etc. RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php($|/) [NC,OR] # Block access to any PHP-based files in /site/templates-admin/ or /wire/templates-admin/ RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))($|/) [NC,OR] # Block access to any PHP or markup files in /site/templates/ or /site-*/templates/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))($|/) [NC,OR] # Block access to any files in /site/classes/ or /site-*/classes/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/classes($|/.*) [NC,OR] # Block access to any PHP files within /site/assets/ and further RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets($|/|/.*\.ph(p|ps|tml|p[0-9]))($|/) [NC,OR] # Block access to any PHP, module, inc or info files in core or core modules directories RewriteCond %{REQUEST_URI} (^|/)wire/(core|modules)/.*\.(php|inc|tpl|module|info\.json)($|/) [NC,OR] # Block access to any PHP, tpl or info.json files in /site/modules/ or /site-*/modules/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module|info\.json)$ [NC,OR] # Block access to any software identifying txt, markdown or textile files RewriteCond %{REQUEST_URI} (^|/)(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md|textile)$ [NC,OR] # Block potential arbitrary backup files within site directories for things like config RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/(config[^/]*/?|[^/]+\.php.*)$ [NC,OR] # Block access throughout to temporary files ending with tilde created by certain editors RewriteCond %{REQUEST_URI} \.(html?|inc|json|lock|module|php|py|rb|sh|sql|tpl|tmpl|twig)~$ [NC,OR] # Block access to names of potential backup file extensions within wire or site directories RewriteCond %{REQUEST_URI} (^|/)(wire/|site[-/]).+\.(bak|old|sql|sw[op]|(bak|php|sql)[./]+.*)[\d.]*$ [NC,OR] # Block all http access to the default/uninstalled site-default directory RewriteCond %{REQUEST_URI} (^|/)site-default/ # If any conditions above match, issue a 403 forbidden RewriteRule ^.*$ - [F,L] # 15B. Block archive file types commonly used for backup purposes (O) # ----------------------------------------------------------------------------------------------- # This blocks requests for zip, rar, tar, gz, and tgz files that are sometimes left on servers # as backup files, and thus can be problematic for security. This rule blocks those files # unless they are located within the /site/assets/files/ directory. This is not enabled by # default since there are many legitimate use cases for these files, so uncomment the lines # below if you want to enable this. # RewriteCond %{REQUEST_URI} \.(zip|rar|tar|gz|tgz)$ [NC] # RewriteCond %{REQUEST_URI} !(^|/)(site|site-[^/]+)/assets/files/\d+/ [NC] # RewriteRule ^.*$ - [F,L] # PW-PAGENAME # ----------------------------------------------------------------------------------------------- # 16A. Ensure that the URL follows the name-format specification required by PW # See also directive 16b below, you should choose and use either 16a or 16b. # ----------------------------------------------------------------------------------------------- RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$" # ----------------------------------------------------------------------------------------------- # 16B. Alternative name-format specification for UTF8 page name support. (O) # If used, comment out section 16a above and uncomment the directive below. If you have updated # your $config->pageNameWhitelist make the characters below consistent with that. # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_URI} "^/~?[-_./a-zA-Z0-9æåäßöüđжхцчшщюяàáâèéëêěìíïîõòóôøùúûůñçčćďĺľńňŕřšťýžабвгдеёзийклмнопрстуфыэęąśłżź]*$" # END-PW-PAGENAME # ----------------------------------------------------------------------------------------------- # 17. If the request is for a file or directory that physically exists on the server, # then don't give control to ProcessWire, and instead load the file # ----------------------------------------------------------------------------------------------- RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !(favicon\.ico|robots\.txt) # ----------------------------------------------------------------------------------------------- # 18. Optionally (O) prevent PW from attempting to serve images or anything in /site/assets/. # Both of these lines are optional, but can help to reduce server load. However, they # are not compatible with the $config->pagefileSecure option (if enabled) and they # may produce an Apache 404 rather than your regular 404. You may uncomment the two lines # below if you don't need to use the $config->pagefileSecure option. After uncommenting, test # a URL like domain.com/site/assets/files/test.jpg to make sure you are getting a 404 and not # your homepage. If getting your homepage, then either: do not use this option, or comment out # section #2 above that makes ProcessWire the 404 handler. # ----------------------------------------------------------------------------------------------- # RewriteCond %{REQUEST_URI} !\.(jpg|jpeg|gif|png|ico|webp|svg)$ [NC] # RewriteCond %{REQUEST_FILENAME} !(^|/)site/assets/ # ----------------------------------------------------------------------------------------------- # 19. Pass control to ProcessWire if all the above directives allow us to this point. # For regular VirtualHosts (most installs) # ----------------------------------------------------------------------------------------------- RewriteRule ^(.*)$ index.php?it=$1 [L,QSA] # ----------------------------------------------------------------------------------------------- # 20. If using VirtualDocumentRoot (500): comment out the one above and use this one instead # ----------------------------------------------------------------------------------------------- # RewriteRule ^(.*)$ /index.php?it=$1 [L,QSA] </IfModule> ################################################################################################# # END PROCESSWIRE HTACCESS DIRECTIVES #################################################################################################
-
So being a LAMP server guy, recently at my work I've had to use Microsoft's' Azure Cloud to host some micro-apps of ours and I got to playing around with the platform. It's pretty nifty! Naturally, I tried to install ProcessWire to play around with Web Apps + SQL App Service to see what I can get away with on the Free Tier (rather then spinning up a full LAMP VM machine which is the way Bitnami installs ProcessWire, costing $60CAD/mo). Turns out installing ProcessWire is pretty smooth sailing except for one part: .htaccess mod_rewrite rules when you're not using Apache, as this is Azure Cloud so it's running PHP7 on IIS Microsoft Server and requires rewrite rules to be in a web.config file instead. Doing some digging, I found tools that convert .htaccess over to web.config and was curious if anyone with experience using Microsoft .NET could see if the rules from the .htaccess actually do translate in the same way when written in XML for web.config? Default ProcessWire v3.0 .htaccess file (comments, commented out commands removed): Options -Indexes Options +FollowSymLinks ErrorDocument 404 /index.php <Files favicon.ico> ErrorDocument 404 "The requested file favicon.ico was not found. </Files> <Files robots.txt> ErrorDocument 404 "The requested file robots.txt was not found. </Files> <IfModule mod_headers.c> Header always append X-Frame-Options SAMEORIGIN Header set X-XSS-Protection "1; mode=block" </IfModule> <FilesMatch "\.(inc|info|info\.json|module|sh|sql)$|^\..*$|composer\.(json|lock)$"> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Order allow,deny </IfModule> </FilesMatch> <IfModule mod_php5.c> php_flag magic_quotes_gpc off php_flag magic_quotes_sybase off php_flag register_globals off </IfModule> DirectoryIndex index.php index.html index.htm <IfModule mod_rewrite.c> RewriteEngine On AddDefaultCharset UTF-8 <IfModule mod_env.c> SetEnv HTTP_MOD_REWRITE On </IfModule> RewriteRule "(^|/)\.(?!well-known)" - [F] RewriteCond %{REQUEST_URI} !(^|/)site-[^/]+/install/[^/]+\.(jpg|jpeg|png|gif)$ [OR] RewriteCond %{REQUEST_URI} (^|/)\.htaccess$ [NC,OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) [OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/install($|/.*$) [OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets.*/-.+/.* [OR] RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ [OR] RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ [OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ [OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets($|/|/.*\.php)$ [OR] RewriteCond %{REQUEST_URI} (^|/)wire/(core|modules)/.*\.(php|inc|tpl|module|info\.json)$ [OR] RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module|info\.json)$ [OR] RewriteCond %{REQUEST_URI} (^|/)(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md|textile)$ [OR] RewriteCond %{REQUEST_URI} (^|/)site-default/ RewriteRule ^.*$ - [F,L] RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$" [OR] RewriteCond %{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_FILENAME} !-d [OR] RewriteCond %{REQUEST_FILENAME} !(favicon\.ico|robots\.txt) [OR] RewriteRule ^(.*)$ index.php?it=$1 [L,QSA] </IfModule> Converted web.config file: <rewrite> <rules> <rule name="www_mysite_com:non-80"> <match url=""(^|/)\.(?!well-known)"" ignoreCase="false" /> <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" /> </rule> <rule name="www_mysite_com:80" stopProcessing="true"> <match url="^.*$" ignoreCase="false" /> <conditions logicalGrouping="MatchAny"> <add input="{URL}" pattern="(^|/)site-[^/]+/install/[^/]+\.(jpg|jpeg|png|gif)$" ignoreCase="false" negate="true" /> <add input="{URL}" pattern="(^|/)\.htaccess$" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$)" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/install($|/.*$)" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/assets.*/-.+/.*" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/assets($|/|/.*\.php)$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)wire/(core|modules)/.*\.(php|inc|tpl|module|info\.json)$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module|info\.json)$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md|textile)$" ignoreCase="false" /> <add input="{URL}" pattern="(^|/)site-default/" ignoreCase="false" /> </conditions> <action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" /> </rule> <rule name="www_mysite_com:80" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions logicalGrouping="MatchAny"> <add input="{URL}" pattern=""^/~?[-_.a-zA-Z0-9/]*$"" ignoreCase="false" /> <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" /> <add input="{REQUEST_FILENAME}" pattern="(favicon\.ico|robots\.txt)" ignoreCase="false" negate="true" /> </conditions> <action type="Rewrite" url="index.php?it={R:1}" appendQueryString="true" /> </rule> </rules> </rewrite>
- 3 replies
-
- 1
-
- azure cloud
- .htaccess
-
(and 1 more)
Tagged with:
-
Hi Everyone I have a problem here. I have built a site with Processwire on localhost and then transferred to my customer's server. a) it's a windows server (unfortunately) and b) there is a domain-mapping for this site, the domain points to a folder of another domain. Sorry, I can't explain it any better, I don't really understand the different types of servers (why do they have to be different anyway...). My problem is, that I see the main website but not the admin page. Do I have to add anything to my .htaccess file? I also tried to include web.config file. Not .htaccess nor web.config file have an impact when changing its content. I really have no clue what to do!! Links: mcconnellacademy.ch, mcconnellacademy.ch/admin Thanks for any pointing in the right direction!
-
Hi all, I'm just looking for some advice really. We've got a current website in the root of our hosting account and have been developing a new Processwire powered one in a sub-directory. We're now getting close to setting the new site live and I'm wondering which is best; leave the new site in the sub-directory and modify the .htaccess file to point to it, or remove the existing site and move the new one across to the root. We're also looking to install Piwik in its own folder too, together with the Piwik Analytics module. Would this work if the site remains in the sub-directory, because Piwik would effectively be in a sub-directory off a sub-directory? Basically it comes down to which is the more satisfactory option, leave it where it is versus move it to the root. If it stays in the sub-directory, I'll want to change the .htaccess file to point at that location, but also hide the sub-directory so it looks as if it's running from the root, e.g. the site is running from www.example.com/cms/ but the visitor never sees the /cms/ in the urls. Thanks in advance for any advice. Tony.
- 4 replies
-
- root
- sub-directory
-
(and 1 more)
Tagged with:
-
Hi I am currently experimenting with Google Polymer / Web Components, which relies on html-imports. I noticed that Processwire's .htaccess blocks access to .html files in the template folder. # Block access to any PHP or markup files in /site/templates/ RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ [OR] Is it safe to reallow access to .html-files in "/templates"? Or maybe just to a specific subfolder, like "templates/html-imports/*.html"?
-
Hi, I try to move my website. I already moved the database, changed the config.php content, but I get: Parse error: syntax error, unexpected T_VARIABLE in www/v3/index.php on line 106 the line 106 contains: $config->paths = clone $config->urls; What did I miss?
-
So I'm just about finished up migrating a large drupal site to processwire. I'm now testing some redirects and ran into an interesting problem that --might-- have something to do with processwires default .htaccess file. So I have a main site example.com And a subdomain products.example.com (apache hosted out of /public_html/products/....) (and a few other subdomains all in wordpress incidentally). I need a redirect like: http://example.com/products/productname.html -> http://products.example.com/productname.html So I tried something like the following at the top level domain .htaccess: #othersub RedirectMatch 301 ^/other/(.*) https://other.example.com/$1 (this works and is a WP site) # Complicated Subdomain Redirects RedirectMatch 301 ^/products/(.*) http://products.example.com/$1 (this is the PW site and it instead gives me http://products.example.com/productname.html?it=products/productname.html) - which is incorrect. This is either an easy processwire issue for someone who knows the .htaccess file well - or it's a server configuration thing from the subdomain and the url "folder" having the same name. But I've tried just about every possible variation I can think of and cannot get this to work. Any guidance would be appreciated. Thanks!
-
I have been pulling my hair out for over a week now and frankly can not study anymore because I am exhausted and on the verge of throwing in the towel. I have switched to a Linux dev enviroment recently (Manjaro which is Arch based) and love everything about it. It's another story why I made the switch from Windows but I can tell you that I have never experienced trouble before because I was using Wamp and everything just seemed to work out the box. With setting up Apache myself on this particular Linux distro, things are a "whole lot different". So here goes: I got virtual hosts working with Apache 2.4.10 and everything is fine; PHP 5.6 works, my /etc/hosts files are pointing correctly and all that good stuff. I believe I have enabled all the required modules which Processwire needs (and then-some) : Mod_Rewrite being the most important. However, when I download my Production files (live server) onto my Development machine, it doesn't go as smooth as the WAMP days I have narrowed it down to something which must not be configured correctly for .htaccess to take affect. Again, this really is my first attempt (although been at it for over a week) to get a LAMP stack installed so it's probably something I am not understanding or doing right. Btw, MySQL (MariaDB) is working correctly and all the databases have been imported from my Production .sql file. Here is my virtual host file: Maybe something in here isn't correct. <VirtualHost *:80> DocumentRoot /srv/http/site2.dev ServerName dev.site2.com ErrorLog /var/log/httpd/site2_log <Directory /srv/http/site2.dev> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </VirtualHost> The .htaccess directives are for Processwire 2.3. I have never had to touch them before, but I tried commenting / un-commenting almost everything which has been reccomend thus far and nothing has worked This 500 Internal Server Error will not leave me! Thanks so much for any help / tips you can provide. Thank You
- 19 replies
-
- virtualhost
- apache
-
(and 3 more)
Tagged with:
-
Hello everyone. Please help me, I’m getting mad. I’m trying to install ProcessWire on my server and nothing works. I have an Italian provider called ARUBA. During the installation I had some problems with the .htaccess file and I made some changes. here is my file. http://www.danielemartini.net/htaccess Now that the installations is done, I can see the Homepage http://www.danielemartini.net/sito/ but I can’t access the admin page. i didn’t change the urls so should be http://www.danielemartini.net/sito/processwire but it doesn’t find the page. Where’s the problem? Why the installation worked and now I can’t access ?
-
Hi, I´ve uploadet my files with all neccessary settings (chmod dir:755/files:644, assets files & dir 755, mod_rewrite=On, cache empty). The root-site works, but all children-sites respond with: "The server encountered an internal error or misconfiguration and was unable to complete your request.". It seems, mod_rewrite ist OFF, but I´ve checked it more than one time - it is ON! I also switched the options +FollowSymLinks / +SymLinksifOwnerMatch in .htaccess - nothing! Any ideas, please? Server PHP Version: 5.3.19. Thank you so much
- 2 replies
-
- server error
- mod_rewrite
-
(and 1 more)
Tagged with:
-
Hello, after relaunching a website I want to redirect all my old URLs to the new structure. Here's the problem: When i try to add Redirect 301 /index.html /startseite I get the following result: http://www.domain.de/startseite?it=index.html Is there a simple way to do what I want and get rid of "?it=index.html"? Greets Jens alias DV-JF
-
I have PW installed in subdirectory /pages. This makes all my pages load with URLs like /pages/{slug} which is what I want as I'm only using PW as the CMS for static pages and articles. However I would like the /pages/ url to be redirected to / of the site. I've tried this in the .htaccess file: # Redirect /pages to / RewriteRule ^pages/$ / [L,R=301] right after this: # ----------------------------------------------------------------------------------------------- # Ensure that the URL follows the name-format specification required by ProcessWire # ----------------------------------------------------------------------------------------------- RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$" I did mod the .htaccess in the /pages directory. I also tried the .htaccess in the public directory. I also tried: RewriteRule ^pages$ / [L,R=301] RewriteRule ^(pages/)$ / [L,R=301] RewriteRule ^(pages)/$ / [L,R=301] RewriteRule ^(pages)$ / [L,R=301] Any suggestions?
-
I built best-of-scotland.co.uk on Processwire and have a redirect problem. Tried method 1: If I add the line to the .htaccess file I get a site error. At the bottom or the top of the file I tried adding Redirect 301 /index.php/contact http://best-of-scotland.co.uk/contact/ Tried Method 2: Using the redirect module (http://modules.processwire.com/modules/process-redirects/) does not seem to work at all. For example this page http://www.best-of-scotland.co.uk/index.php/contact was the old page and we are trying to get it to redirect to http://www.best-of-scotland.co.uk/contact. Is there a way to redirect an old site with SEO rewritten URLs to the new site?
-
G'day everyone I'm new to ProcessWire - hoping someone could help me out?? I've installed ProcessWire in my root (public_html) directory & all is good - I really like this CMS. Very happy I stumbled across it! Thank you! This processwire site is accessible from my main domain (www.example.com) - No problem. However... I also own another domain name which I want to use for an entirely seperate website, but hosted on the same server account. Now, I've done this before with basic web pages with no hassles. But, with ProcessWire already installed - I'm having issues? In my cPanel admin area I create an Add-On Domain (www.secondwebsite.com). This creates a new folder in the root e.g. public_html/secondwebsite.com, and also creates the subdomain secondwebsite.example.com (which I'll deal with later). So, I place a Hello World index.html file within the new public_html/secondwebsite.com folder - This is to be the front page of my second website (entirely seperate from the ProcessWire site). When I type www.secondwebsite.com in my web browser, it is supposed to load that index.html file... Instead, I am greeted with a 403 Forbidden Error: Spewing. I did a bit of Googling to try and find a solution and found this thread which seems to have the answer, but I just can't figure out how to apply it to ProcessWire? I applied the fix they suggest in that thread by adding: To the start of the .htaccess file in my public_html folder. No luck. I tried placing it in different areas of the file, such as after the ReWriteEngine on line... Still no luck. Now, I've verified that it is the ProcessWire .htaccess file which is causing the issue, as I renamed the file, and I was instantly able to access my Add-On Domain from www.secondwebsite.com Could someone PLEASE help me out with this issue? I really don't have much experience with .htaccess files. If I can't resolve this it messes up my website plans for using ProcessWire Any help is greatly appreciated, thanks. Nick
- 11 replies
-
Hi, while exploring PW from the filesystem I've found 'Http.php' and as of my difficultys when starting with PW, I was wondering why not sending a HTTP-HEAD-Request to the admin-page-url at the end of the install process and inform the user if .htaccess isn't configured the right way. So, I was a bit wiser after opening the class-file: there was no support in it for HEAD, only GET and POST. As I've build a own http-client-class a hundred years ago, it was not much work to implement the HEAD-method as well. (added 1 Line) Maybe it should be added a http->status(url-to-adminpage)-check at end of install-routine to inform the user if it responses other than 200. (at least a link to apropriate forum-topic or provide direct information how to solve that) ---- Edit/Added: Every few days a new user run into same problem look at this post and the following two. (I really can feal the pain he has). And all the helpful people here try to explain how to solve it everytime and again and again. So, if it is not a kind of test to new users, the install-routine should solve that for them, and other as I've mentioned above, it should/could be done in the background, because everything needed is the .htaccess-file which is created by PW itself and some HTTP-Requests. If default install is 404 for admin page: compare $_SERVER['DOCUMENT_ROOT'] with install folder of PW and write appropriate Path as RewriteBase into .htaccess-file and check again. If it responses '200 OK' now, - fine. If not, - tell user that there are Problems with this and point him to Forum-FAQ. So, if it is actually a test to the new users weakness or strength with stressy situations, ok - any admin/moderator should silently delete this post and I never will ask again. ---- --- In API I have not found how we can use the WireHttp-class, (Searchphrases like HTTP and Request etc are not very useful) Can someone point me to it please?
-
I notice in .htaccess there is code to redirect to the www version of the site (if you uncomment it), what about vice versa? Because currently you can access the site from either www or no www. Could this be made a selection during install?