Search Results
Be aware that mod_rewrite (RewriteRule, RewriteBase, and RewriteCond) code is executed for each and every HTTP request that accesses a file in or below the
List of the 27 Request Methods available for Apache and rewritecond and htaccess.www.askapache.com/;27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html
If the pattern matches, then the RewriteCond's are checked. . The default is [AND] when dealing with multiple RewriteCond rules. To do an 'or'you need
Using TIME_HOUR and TIME_MIN for htaccess RewriteCond. Describes the use of the TIME_HOUR and TIME_MIN variables with RewriteCond and RewriteRule in
Basically instead of having to check for HTTPS using a RewriteCond for every .. [env=https:s] # redirect urls with index.html to folder RewriteCond
Jul 10, 2007 Apache mod_rewrite code to serve alternate versions of a file depending on the server time - week, month, hour, year, second.
HTTP/ [NC, OR] RewriteCond %{QUERY_STRING} ^feed [NC] RewriteCond RewriteEngine On RewriteBase / RewriteCond %{HTTP:Accept-Language} ^.
Feed for this Entry ·Trackback ·htaccess rewritecond. Tags:301 Redirect, 302 Redirect, 404 Not Found, Apache, Apache Htaccess, askapache, ASP, www.askapache.com/;list-of-methods-to-redirect-users-to-different-page.html
[NC] RewriteRule ^ http://%1%{REQUEST_URI} [L, R=301] #If you want to cover both http and https:Options +FollowSymlinks RewriteEngine On RewriteCond
f # Existing File RewriteCond %{REQUEST_FILENAME} !-d # Existing Directory RewriteRule . RewriteCond %{HTTP_REFERER} !^http://(subdomain\.)?domain.tld/.
RewriteCond %{SERVER_PORT} !^443$ RewriteRule . RewriteCond %{SERVER_PORT} ^80$ RewriteRule . RewriteCond %{HTTPS} !=on RewriteRule "^(/secure/.
No https except to wpadmin If the request is empty implies fopen or normal file access by a php script RewriteCond %{THE_REQUEST} ^OR OR if the request if
Then I would be able to find the correct RewriteCond's using the mod_rewrite Options +FollowSymlinks RewriteEngine on rewritecond %{http_host}
($1 is from RewriteRule line, and %1 is from RewriteCond line.) and we can't use variables in the right had side of the RewriteCond.
[L, R=307] # Comment feeds can be called via /comments, wp-commentsrss2, or withcomments=1 to the main feed script RewriteCond %{REQUEST_URI}
RewriteEngine On RewriteBase RewriteCond %{REQUEST_FILENAME}f RewriteRule . RewriteCond %{HTTPContentDisposition}phpNC RewriteCond %{HTTPContentType}
RewriteEngine On RewriteBase / RewriteCond %{REMOTE_HOST} ! . RewriteCond %{REQUEST_METHOD} HEAD RewriteRule .* /cgi-bin/head-robot.cgi. mindrape ~
Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} ! Using TIME_HOUR and TIME_MIN for htaccess RewriteCond »
BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{QUERY_STRING} ! . “RewriteCond %{HTTP:Accept-Encoding} gzip” in the original causes a Vary:
Blocking Bad Robots and Web Scrapers with RewriteRules. ErrorDocument 403 /403.html RewriteEngine On RewriteBase / # IF THE UA STARTS WITH THESE RewriteCond
/index.php [L] #</IfModule>### REQUIRE WWW #RewriteCond %{HTTP_HOST} ! /$1 [R=301, L] ### STOP LOOP CODE #RewriteCond %{ENV:REDIRECT_STATUS} 200
ErrorDocument 401 /logins.php RewriteEngine On RewriteBase / RewriteCond %{ENV:REDIRECT_STATUS} ^401$ [OR] RewriteCond %{REQUEST_URI} ^/.
TIME_DAY Time RewriteCond Time-dependant rewriting uses mod_rewrite and apache .. Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC] RewriteRule ^(. RewriteCond %{HTTP:Accept-Language} ^.*(de|es|fr|it|ja|ru|en).
BEGIN WordPress <IfModule mod_rewrite.c>RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} ! www.askapache.com/;htaccess-trick-to-show-alternate-css-file-based-on-ip.html
/blog/index.php [L] </IfModule># END WordPress # BEGIN AskApache PassPro <IfModule mod_rewrite.c>RewriteEngine On RewriteBase / # sid1000 RewriteCond
Control htaccess Basic Authentication with PHP and mod_rewrite ·27 Request Methods for Apache rewritecond htaccess » www.askapache.com/;301-redirect-with-mod_rewrite-or-redirectmatch.html
$1-$2 [E=underscores:Yes] RewriteCond %{ENV:underscores} ^Yes$ RewriteRule (. RewriteCond %{QUERY_STRING} ^source= RewriteRule (.*) /$1? [R=301, L]
ErrorDocument 503 /maintenance.htm # Custom 503 error page # Developer Address RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.1$ # Only rewrite dynamic pages
RewriteEngine On RewriteBase / RewriteCond %{TIME_SEC} ^.([0-9]) [NC] RewriteRule f RewriteRule ^feed\.gif$ /zi/feed1.gif [S=3] RewriteCond %{TIME_SEC}
Also, Cindy alerted me to the fact that adding:RewriteCond %{HTTP:VIA} ^. [F, L] # A new tactic - using SetEnvIfNoCase instead of RewriteCond - seems to
Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server,
Oct 20, 2008 RewriteEngine On RewriteBase / RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule .+ /z/%2/%3.
ErrorDocument 403 /error.php RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} ^.*\.(php|cgi)$ RewriteCond %{ENV:REDIRECT_STATUS} !200 RewriteRule .
You should only use mod_rewrite's rewriterule when you use a rewritecond or if you are rewriting internally like my feedcount hack.
Mod_Rewrite Variables Cheatsheet Mod_Rewrite Variable Cheatsheet List of All Variables used by RewriteCond and actual variable Value
Describes the use of the TIME_HOUR and TIME_MIN variables with RewriteCond and RewriteRule in Apache .htaccess.www.askapache.com/;using-time_hour-and-time_min-rewritecond-in-htaccess-2.html
A tip that springs to mind is that you can match *any* string in RewriteRule and RewriteCond directives with a regex start of line anchor ( ^ ) used on its
Nov 22, 2008 RewriteCond %{HTTP:Content-Disposition} \.php [NC] RewriteCond .. May break plugins/themes #RewriteCond %{THE_REQUEST} ^[A-Z]{3, 9}\ www.askapache.com/;htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html
pdf$ - [S=2] # # The first RewriteCond checks to see if the . [F] # # Handle PDF files named anything-i.pdf as inline # RewriteCond %{REQUEST_FILENAME} !
From specific domains RewriteEngine on RewriteCond %{HTTP_REFERER} Options +FollowSymLinks RewriteEngine On RewriteBase / RewriteCond %{HTTP_HOST} !
Options -ExecCGI -Indexes -All RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD) RewriteRule .* - [F] RewriteEngine Off
Tags:301 Redirect, 404 Not Found, 503, Apache, askapache, CSS, curl, Firefox, GET, Htaccess, Mod_Rewrite, PHP, Redirect, Rewrite Tricks, rewritecond,
This .htaccess mod_rewrite code goes in your sites root .htaccess file and uses a RewriteCond to make sure that the file exists, it then rewrites the
when AllowOverride includes FileInfo;RewriteCond (mod_rewrite.c):an input string and a to be applied regexp-pattern when AllowOverride includes FileInfo
RewriteEngine On RewriteBase / ### REQUIRE WWW ### RewriteCond %{HTTP_HOST} !^www\.site\.com$ [NC] RewriteRule ^(.*)$ http://www.site.com/$1 [R=301, L]
RewriteEngine on rewritecond %{http_host} ^ninjatactics.net [nc] rewriterule ^(.*)$ http://www.ninjatactics.net/$1 [r=301, nc] FileETag None Header unset
HTTP/ [NC, OR] RewriteCond %{THE_REQUEST} ^[A-Z]{3, 9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC] RewriteRule .* - [F] ErrorDocument 403 /errordocs/f-off.html
Jul 11, 2007 TIME_DAY Time RewriteCond. Serve Alternate Content based on Time » TIME_DAY Time RewriteCond. TIME_DAY Time RewriteCond
See the RewriteCond directive of mod_rewrite for extra information on how to match your query string. The name of an environment variable in the list of
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | Published on 04/17/2010 |4 Comments »
Web Developers sometimes use file.ext?v=004 as a version control system to force visitors to use updated files. This is terrible. Instead link to apache-003.css and set it to be cached forever. When you change the file you just change the links to apache-004.css. That eliminates millions of bandwidth and resource robbing If-Modified-Since requests. You only need Apache with mod_rewrite, and 1-10 minutes!
Tags: Apache, askapache, Bandwidth, Cache, Cache-Control, caching, Cookies, CSS, GET, Htaccess, HTTP Headers, httpd, httpd.conf, If-Modified-Since, Javascript, Last-Modified, Mod_Rewrite, Redirect, Rewrite Tricks, rewritecond, rewriterule, server, Source Code, SPEED, stat, trick
Posted in Apache, CSS, Cache, DreamHost, Featured, Htaccess, Mod_Rewrite, SEO, Security, Server Administration, Web Design, Web Hosting, Webmaster, XHTML | Published on 08/30/2009 |2 Comments »
Ever wanted to execute commands on your server through php? Now you can. I’m calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Tags: 302 Redirect, 403 Forbidden, Ajax, Apache, Apache Htaccess, askapache, Backups, bash, chmod, console, errordocument, Flash, GET, Hacking, Htaccess, htaccess tutorial, HTTP-EQUIV, Javascript, Linux, Login, Mod_Rewrite, password, PHP, Port, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, server, Shell, shell console, shell script, Shell Scripting, SSI, stat, tutorial
Posted in Ajax, DreamHost, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | Published on 06/13/2009 |15 Comments »
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | Published on 01/10/2009 |66 Comments »
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Tags: 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Advanced, Apache, askapache, Cookies, Dig, errordocument, GET, Google, Hacking, Htaccess, htaccess tricks, Htpasswd, httpd, HTTPS SSL, Linux, Login, Mod_Rewrite, password, PHP, phpBB, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, SetEnvIf, Sniffing, SSI, stat, trick, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, Security | Published on 12/19/2008 |7 Comments »
A list of API Versions and the corresponding HTTPD Version, for use in determining the version of Apache currently running without having to rely on the often inaccurate SERVER_SOFTWARE Header.
Tags: 503, Advanced, Apache, Apache Modules, askapache, Htaccess, httpd, Module API, Mod_Rewrite, Rewrite Tricks, rewritecond, server, SSI, stat, trick, tutorial
Posted in Apache, Apache Modules, Htaccess, Mod_Rewrite | Published on 11/25/2008 |1 Comment »
This is freaking sweet if you use SSL I promise you! Basically instead of having to check for HTTPS using a RewriteCond %{HTTPS} =on for every redirect that can be either HTTP or HTTPS, I set an environment variable once with the value “http” or “https” if HTTP or HTTPS is being used for that request, and use that env variable in the RewriteRule.
Tags: 301 Redirect, Apache, askapache, Htaccess, htaccess rewrite, HTTPS SSL, Mod_Rewrite, Port, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, server
Posted in Apache, DreamHost, Featured, Htaccess | Published on 04/29/2008 |17 Comments »
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site’s error handling to the next level, enhanced ErrorDocuments that go beyond 404′s. 
