Jump to content

[SOLVED] .htaccess newb

sawade

By sawade
in Apache HTTP Server

 Share

Recommended Posts

sawade Member

sawade

Posted
Posted

Okay.  Let me say this.  I know nothing  :shrug: about how to code a .htaccess file.  The host service we are using has a generator, however when I try to use it I only get errors.  So i found a code on line to use in the mean time.  :confused:

 

RewriteEngine On 

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R=301,L]

 

However what I want it to do is...

The main site be a normal http, but once the pages in a certain folder are accessed it goes to the SSL.  Right now the whole site is under the SSL.

 

Next Question:

 

We have several forms on the site.  We use the POST global in PHP to process them.  We want to make it so if they try to hack it through GET or otherwise that it will deny them.  I have this, but I don't know if it is right.

 

<Files .htaccess> 
deny from all 
</Files>

<Limit GET>
deny from all
</Limit>

 

Last Question:

 

Is this acceptable code?

 

# BLOCK Spambots

RewriteEngine on 
RewriteBase / 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR] 
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Ping [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Link [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^psbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector 
RewriteRule ^.* - [F] 
RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$ 
RewriteRule !^http://[^/.]\.mydomain.com.* - [F]

 

Thanks!!!

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted 

RewriteEngine on

# HTTPS is off and
# Requested URI contains special directory,
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (the_directory/?)|(the_directory/.*)$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]
# Above - I believe 301 is moved permanently, double check yourself.

 

We have several forms on the site.  We use the POST global in PHP to process them.  We want to make it so if they try to hack it through GET or otherwise that it will deny them.  I have this, but I don't know if it is right.

You don't have to do anything in .htaccess for this as far as I know.  If the user "hacks" the form and turns it into a method="get", then your PHP code will be looking for values in $_POST, won't find them, and won't do anything.  That is if you programmed your PHP program correctly.

 

<Limit GET>
deny from all
</Limit>

AFAIK, that will block most of the traffic to your site.  The two most common request types sent by the browser are GET and POST.  Submitting a form with method="post" is a  POST request, just about everything else is GET irrelevant of the existence of a query string.  I could be mistaken here, but this is my understanding.

 

As for your spam bots, it's mostly pointless to block them based on user agent as they can change it easily.  I wouldn't even bother.

Link to comment
Share on other sites
sawade Member

sawade

Posted
  • Author
Posted

I made some changes.  Thank you.

 

Now when I do access the folders I want it does change to the SSL, but once I click on a page in the secure folder if I click lets say back to the home page it is still under the SSL.  It doesn't revert back to the regular http.

 

 

My full script:

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

AddHandler application/x-httpd-php5s .php

# REDIRECT if www or not to www.domain.com

RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L]

# REDIRECT w/ folder secureforms/forms/ to SSL

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (/secureforms/forms//?)|(/secureforms/forms//.*)$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]

<Files .htaccess> 
deny from all 
</Files>

 

Also, using the host generator, I made the following code.  But when I try to test it in a browser, the browser just thinks and thinks.  I close it down after 5 minutes and no results.

 

# REDIRECT if www or not to www.domain.com

RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L]

Link to comment
Share on other sites
roopurt18 Advanced Member

roopurt18

Posted
Posted 

# REDIRECT if www or not to www.domain.com
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteRule ^/?$ "http\:\/\/www\.domain\.com\/" [R=301,L]

 

Is equivalent to:

IF host IS domain.com OR host IS www.domain.com THEN
  REDIRECT www.domain.com
END IF

 

It needs to be:

RewriteCond %{HTTP_HOST} ^domain\.com$
RewriteRule ^/?$ http://www.domain.com/ [R=301,L]

 

 

but once I click on a page in the secure folder if I click lets say back to the home page it is still under the SSL.  It doesn't revert back to the regular http.

You can think of .htaccess as being processed sequentially.  One rule (or group of rules) is processed and applied if possible.  If they are unable to be applied, then processing continues to the next set of rules.  So to fix this we add a set of rules after the redirect-to-https rules.  This new set of rules will redirect away from HTTPS for all non-applicable URIs.

 

# REDIRECT w/ folder secureforms/forms/ to SSL
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} (/secureforms/forms//?)|(/secureforms/forms//.*)$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]

# Now, if HTTPS is ON and the URI is not secureforms/forms, redirect away from HTTPS
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(/secureforms/forms//?)|(/secureforms/forms//.*)$
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.