htaccess issue after setup restriction to folders - file

I have a demand where I need to deny access to a folder (localhost\uploads\video). I got this by applying the below rule in the htacess at localhost:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost/ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(|avi|mp4)$ - [F,NC]
Scenario 1 - It works fine if I try to access the resoruce (.avi files mainly)by typing the address straighforward in the browser and this is the message:
Forbidden You don't have permission to access /video/23/videoname.html on this server. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.THIS IS OK.
Scenario 2 - With tis rule applied, if I try to click in any link in my homepage which leads me to the video I'm also getting the same message than in scenario 1 and this isn't what I wanted to. I thought when I would access through homepage(by clicking over the avi link) this message wouldn't come.
How can I get this done in this way? I want to block over direct access but I want to keep it working fine if this be executed from homepage...
Regards
Eliel

Your regex seems to be problem for URI pattern matching. Change you rule to:
RewriteCond %{HTTP_REFERER} !(www\.)?domain\. [NC]
RewriteRule \.(avi|mp4)$ - [F,NC]
Make sure to replace domain with your actual domain name.

Related

Sonata admin missing css files

Working on a site with php 7.2, Symfony 4 and Sonata admin 3.
In dev, on my machine, everything works fine, the site itself, and the two admins (user and content).
I have put everything on the final server (unfortunately, file by file, no console with S4 ! so, no "composer:install"...).
Still on dev, the site works fine, all functionalities.
But when I try to use the admin page, I only get a non-formatted page. None of the assets (css and js) seems to work!
However the source code are identical, on localhost and the distant site...
Can anyone help me
Edit : I found where the issue comes from : it's linked to .htaccess.
The http address I use ends in /public/index.php. I use .htaccess to shorten it and when using the .htacces redirection I can't get the assets of the admin page, while it works fine without redirection.
Is there something I should change in my .htaccess code ?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ public/index.php
</IfModule>

Web manifest is not accessible after forcing SSL

I recently started forcing HTTPS and non-WWW forms for the URL of my React PWA through the .htaccess file, but this is apparently preventing certain applications (such as pwabuilder.com) from accessing public files of the app, such as its web manifest. That said, there are certain applications, such as Chrome mobile that allow me to access the manifest. How can I make it always accesible?
My .htaccess file is structured like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://aurora.igloo.ooo%{REQUEST_URI} [L,NE,R=301]
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
RewriteRule ^ /index.html [L]
</IfModule>
The file that pwabuilder.com can't access is hosted on https://aurora.igloo.ooo/manifest.json
aurora.igloo.ooo has a strange server and preventing some requests from accessing manifest.json.
First time when I clicked your link, I saw the manifest.json. Then I called the main-page by removing the filepath, clicked back in browser-history to see the manifest again and got this shown (with http-response-code 200):
Looking at it in the network-console it's still getting more confusing but also leads to the source of the error:
It's complaining about missing enabling of javascript, so they make some weird things with javascript and probably some hidden redirect too (else the response code would be 3xx). Perhaps they never want the manifest being accessed from outside and it's not configured properly and can be seen under some conditions.
I don't have a quick solution for your problem but it's quite obvious that some clients can't access the manifest and you've to search for another solution. If you're working for aurora.igloo.ooo you've to speak with the frontend-developers and/or server-admins to change something, else you've to offer your own manifest-file. Also it's possible that they offer a solution for the problem, but for that you've either to have access to some FAQ or knowledge-base or you've to contact the support.
Having read about manifest-files on desktop it would force another user-experience and at least in chrome change the complete window. While that might be cool for some special pages it also could be confusing.
Here are the three links I read about it:
https://developers.google.com/web/fundamentals/web-app-manifest/
https://developers.google.com/web/fundamentals/app-install-banners/
https://developers.google.com/web/progressive-web-apps/desktop
My assumption is that aurora.igloo.ooo never want to break with common browsing experience by showing a special app-window on desktop, therefore they prevent the manifest from loading properly on desktop.
I just read the first time about it, so the technical behavior like I understood it might be wrong or it's not the complete technical background.
At least the impression I got is that on desktop it should be considered twice if a website shall run as web-app. If you choose this solution nevertheless, you probably need still find more information about it but the links I posted might be a good start and offer still further details and links.
Another reason to decide against a web-app for desktop might be the compatibility between browsers, as support of technical options is very differing:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json#Browser_compatibility

AngularJS navigating to a route gives 404 in Apache

When loading a page using Angular an Apache myserver.com everything works fine, when going to a subroute from the main page myserver.com/credits by clicking a link it'll work as well.
However, if I try to go directly to myserver.com/credits from the browser navigation bar it'll return a 404 error message:
I'm aware that by working with node I can configure this so that it does work, however, my company website runs in an apache server which I have no access to.
I could make it so the server redirects to the main page myserver.com like so:
.htaccess
ErrorDocument 404 /index.html
However the optimal resolution would be that going to myserver.com/credits works outright.
Is there a way to make Apache behave this way? And if so, how?
The answer that solves this question can be found here:
https://stackoverflow.com/a/22740184/1224232
I have flagged this question as a duplicate. I have tested it and it works perfectly.
Special thanks to Kevin B for directing me to the answer, and to Rajasaur for providing the answer.
Created a .htaccess file in root directory if not exist.
then add the following code in it
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# not rewrite css, js and images
RewriteCond %{REQUEST_URI} !\.(?:css|js|map|jpe?g|gif|png)$ [NC]
RewriteRule ^(.*)$ /index.html?path=$1 [NC,L,QSA]

ImpressPages admin page has 404 error

I have just installed ImpressPages 4_0_17 and I completed the installation process through the point of filling out the database form and submitting it. The next page gave a 404 error on the URL /ImpressPages/admin. Prior to that, the systems check page listed 3 warnings: Magic quotes Off, Apache mod_rewrite, PHP memory limit 64MB. No other info on these warnings was available on that page.
I am using the alias feature on GoDaddy for hosting, which allows me to create multiple websites in the same account. In addition, I am using a sub-domain for this install so I can test it out before replacing the original site. Because I uploaded the entire IP zip file and extracted it in the web root folder, all the IP files are now installed in the folder /ImpressPages.
After the 404 error, I altered the URL to be just /ImpressPages/. That actually loaded fine. In addition, a small dialog popped up saying that I had been automatically logged in as admin. It gave me the username, password and the email I configured for the site. It also provided the admin page URL that produces a 404 error and said I needed to go there to login in the future.
The home page at /ImpressPages/ loads and shows inline editing features. If I click the Lorem Ipsum link, /ImpressPages/index.php/lorem-ipsumy, I get a white page with the one line:
"No input file specified."
I have tried a few tweaks to the .htaccess file with no success. The latest active lines are shown below. All the other lines from the default file are commented out and I have not tried messing with them.
<IfModule mod_rewrite.c>
RewriteEngine on
# Attempt to fix SVG images, 6/4/2014
AddType image/svg+xml svg
AddType image/svg+xml svgz
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /ImpressPages/index.php?%{QUERY_STRING} [L]
# Redirect www urls to non-www.
# RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
</IfModule>
The changes I attempted to get admin access are in the RewriteRule. I prefixed index.php first with a slash, then with /ImpressPages/. Neither one helped. Any suggestions on how to get admin access will be greatly appreciated.
17:11 - New info:
With the /ImpressPages/ path and the following .htaccess lines enabled, I can now get the login dialog on the admin page. Once I enter the login correctly, the next URL is /ImpressPages/index.php with the white page described previously. Then reloading /ImpressPages/admin produces the same white page and the same /ImpressPages/index.php URL. So now I can login, but it doesn't help.
Options -Indexes
Options -MultiViews
Those lines are in the default .htaccess file already. I just removed the comment character to activate them.
17:45 - more progress.
I moved all the contents of the /ImpressPages/ folder up one level to web root. Then I removed /ImpressPages/ from the path for index.php in the rewrite rule. With that one change, admin login started working and I am now able to edit my site. There are still issues. For example, publishing a page does publish the changes, but then loads the typical white page with the URL /index.php/home. The URL / loads the home page correctly. Almost sounds like the URL routing is not working correctly.
It looks like ImpressPages instal decided your server doesn't support URL rewrites and has placed rewritesDisabled in config.php
Try to remove this config line.

Setup subdomain in new app directory with Cpanel cakephp

I have working domain.kz with cakephp (Cpanel hosting)
www/app
www/cake
www/index.php
how can i setup admin.domain.kz to (app2)
www/app
www/app2
www/cake
www/index.php
The way you want it - will be very difficult; you'll have to change several file/folder paths in several places. Instead, why don't you try to create an admin folder where you've the full cakephp application for admin.
So the resulting folder structure would be like this:
(domain.kz)
www/app
www/cake
www/index.php
(admin.domain.kz)
www/admin/app
www/admin/cake
www/admin/index.php
Then you'll have to point your subdomain (admin.domain.kz) to /www/admin.
Now assuming that you've configured your domain and subdomain correctly, if you try to browse your domain, it'll work with no issues but if you try to access your subdomain, it'll give you a 500 error. DON'T WORRY. It is expected.
The primary .htaccess file is forcing all requests served by primary webroot (www/app/webroot) folder. You'll have to change your primary .htaccess file (www/.htaccess) like this:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^admin\.domain\.kz$ [NC]
RewriteRule ^ - [L]
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
Notice that, I've added two lines which tells that if you're trying to access your subdomain, stop rewriting; otherwise rewrite as usual. Cheers!!!
If the cake apps are totally separate but share a cake library then the following might work:
You could use cPanel's 'Addon Domain' feature, once the DNS has been set up for admin.domain.kz. Instructions can be found here.
Set the document root of the addon domain to the www/app2 folder.
Then just make sure that CAKE_CORE_INCLUDE_PATH in www/app2/webroot/index.php points to ../../../cake

Resources