sawade Posted August 28, 2009 Share Posted August 28, 2009 Okay. Let me say this. I know nothing about how to code a .htaccess file. The host service we are using has a generator, however when I try to use it I only get errors. So i found a code on line to use in the mean time. RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L] However what I want it to do is... The main site be a normal http, but once the pages in a certain folder are accessed it goes to the SSL. Right now the whole site is under the SSL. Next Question: We have several forms on the site. We use the POST global in PHP to process them. We want to make it so if they try to hack it through GET or otherwise that it will deny them. I have this, but I don't know if it is right. <Files .htaccess> deny from all </Files> <Limit GET> deny from all </Limit> Last Question: Is this acceptable code? # BLOCK Spambots RewriteEngine on RewriteBase / RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR] RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR] RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR] RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR] RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR] RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR] RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR] RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR] RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Ping [OR] RewriteCond %{HTTP_USER_AGENT} ^Link [OR] RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR] RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR] RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR] RewriteCond %{HTTP_USER_AGENT} ^psbot [OR] RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailCollector RewriteRule ^.* - [F] RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$ RewriteRule !^http://[^/.]\.mydomain.com.* - [F] Thanks!!! Quote Link to comment https://forums.phpfreaks.com/topic/172229-solved-htaccess-newb/ Share on other sites More sharing options...
roopurt18 Posted August 28, 2009 Share Posted August 28, 2009 RewriteEngine on # HTTPS is off and # Requested URI contains special directory, # Redirect to HTTPS RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} (the_directory/?)|(the_directory/.*)$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] # Above - I believe 301 is moved permanently, double check yourself. We have several forms on the site. We use the POST global in PHP to process them. We want to make it so if they try to hack it through GET or otherwise that it will deny them. I have this, but I don't know if it is right. You don't have to do anything in .htaccess for this as far as I know. If the user "hacks" the form and turns it into a method="get", then your PHP code will be looking for values in $_POST, won't find them, and won't do anything. That is if you programmed your PHP program correctly. <Limit GET> deny from all </Limit> AFAIK, that will block most of the traffic to your site. The two most common request types sent by the browser are GET and POST. Submitting a form with method="post" is a POST request, just about everything else is GET irrelevant of the existence of a query string. I could be mistaken here, but this is my understanding. As for your spam bots, it's mostly pointless to block them based on user agent as they can change it easily. I wouldn't even bother. Quote Link to comment https://forums.phpfreaks.com/topic/172229-solved-htaccess-newb/#findComment-908087 Share on other sites More sharing options...
sawade Posted August 28, 2009 Author Share Posted August 28, 2009 I made some changes. Thank you. Now when I do access the folders I want it does change to the SSL, but once I click on a page in the secure folder if I click lets say back to the home page it is still under the SSL. It doesn't revert back to the regular http. My full script: Options +FollowSymLinks RewriteEngine On RewriteBase / AddHandler application/x-httpd-php5s .php # REDIRECT if www or not to www.domain.com RewriteCond %{HTTP_HOST} ^domain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.domain.com$ RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L] # REDIRECT w/ folder secureforms/forms/ to SSL RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} (/secureforms/forms//?)|(/secureforms/forms//.*)$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] <Files .htaccess> deny from all </Files> Also, using the host generator, I made the following code. But when I try to test it in a browser, the browser just thinks and thinks. I close it down after 5 minutes and no results. # REDIRECT if www or not to www.domain.com RewriteCond %{HTTP_HOST} ^domain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.domain.com$ RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L] Quote Link to comment https://forums.phpfreaks.com/topic/172229-solved-htaccess-newb/#findComment-908297 Share on other sites More sharing options...
roopurt18 Posted August 28, 2009 Share Posted August 28, 2009 # REDIRECT if www or not to www.domain.com RewriteCond %{HTTP_HOST} ^domain.com$ [OR] RewriteCond %{HTTP_HOST} ^www.domain.com$ RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L] Is equivalent to: IF host IS domain.com OR host IS www.domain.com THEN REDIRECT www.domain.com END IF It needs to be: RewriteCond %{HTTP_HOST} ^domain\.com$ RewriteRule ^/?$ http://www.domain.com/ [R=301,L] but once I click on a page in the secure folder if I click lets say back to the home page it is still under the SSL. It doesn't revert back to the regular http. You can think of .htaccess as being processed sequentially. One rule (or group of rules) is processed and applied if possible. If they are unable to be applied, then processing continues to the next set of rules. So to fix this we add a set of rules after the redirect-to-https rules. This new set of rules will redirect away from HTTPS for all non-applicable URIs. # REDIRECT w/ folder secureforms/forms/ to SSL RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} (/secureforms/forms//?)|(/secureforms/forms//.*)$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] # Now, if HTTPS is ON and the URI is not secureforms/forms, redirect away from HTTPS RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !(/secureforms/forms//?)|(/secureforms/forms//.*)$ RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301] Quote Link to comment https://forums.phpfreaks.com/topic/172229-solved-htaccess-newb/#findComment-908529 Share on other sites More sharing options...
sawade Posted August 29, 2009 Author Share Posted August 29, 2009 That works perfect. Thank you so much! Quote Link to comment https://forums.phpfreaks.com/topic/172229-solved-htaccess-newb/#findComment-908896 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.