I am trying to get mp4's to download immediately when they are opened. And I've succeeded at that. However, I'm also trying to make this happen, only when the link is accessed from a specific subdomain. I run a Wordpress Multisite
I've run the following code in the Ifmodule to no avail. All the videos download immediately, no matter where they are accessed from. I'm pretty sure I'm using the conditioning wrong, but I can't find a good example of how to do this.
RewriteCond %{HTTP_HOST} ^www\.subdomain.example\.com$
<FilesMatch "\.(mp4|MP4)">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Thanks for reading! (Double thanks for any help.)
Put the FileMatch directive in the vhost configuration for your domain. So, if the file sub.conf contains information about www.subdomain.example.com, you just have to add the following there:
<FilesMatch "\.[mM][pP]4">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Related
I have a WordPress website hosted on a LiteSpeed server via the Hostinger platform.
I have a file called stellar.toml at www.example.net/.well-known/stellar.toml. The WordPress file manager plugin tells me the file's kind is Plain text.
But if I type its URL I get a download started, I need instead to have the file's text prompted on the screen.
Does anyone know how I can fix this issue?
Thanks in advance!
Create a .htaccess on your .well-known folder:
<IfModule mod_rewrite.c>
<FilesMatch "^stellar\.toml$">
AddType text/plain .toml
</FilesMatch>
</IfModule>
I have a website www.1.com which access to font on a subdomain sub.1.com
When I load the page, I have the famous "blocked by CORS policy, no access-control-allow-origin."
So, I add in the root of my subdomain a .htaccess with :
<FilesMatch ".(eot|otf|ttf|woff|woff2)">
Header always set Access-Control-Allow-Origin "*"
</FilesMatch>
I tried with mod_header.c and other.
But none work !
What did I wrong ?
Thank you for your help, I know there is a lot of question regarding CORS, but I really do not understand what I'm doing wrong...
Looks like you need to replace 'set' with 'add' and remove 'always'.
Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
You could also set the headers in wordpress functions.php file like so
function add_cors_http_header(){
header("Access-Control-Allow-Origin: *");
}
add_action('init','add_cors_http_header');
Both of these should get you taken care of.
When I copy my wordpress installation from server to a local webserver (MAMP) and try to access localhost:8888, it always redirects http to https. So I always get an ERR_SSL_PROTOCOL_ERROR.
I can't find the setting for this anywhere – neither in the database nor somewhere else in the wordpress files. Can anybody help?
Make sure that WP_HOME and WP_SITEURL are set to addresses that start with http, not https.
These settings should be located in wp-config.php.
define('WP_HOME','http://localhost:8888');
define('WP_SITEURL','http://localhost:8888');
Make sure you aren't telling WordPress to force SSL for admin and login.
define('FORCE_SSL_LOGIN',false);
define('FORCE_SSL_ADMIN',false);
I tried all the above suggestions and nothing worked. In my case some plugin was probably causing this. It started working after disabling the plugin directory by renaming it to 0_Plugins.
Now I have to manually figure out which of the plugins was causing this.
Thanks for the other tips.
You need to change .htaccess file in the root of project.
Change it to this code if you want to force Http :
# BEGIN Force HTTP
RewriteEngine On
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ http://yourdomain.com/$1 [R=301,L]
# END Force HTTP
Just add this in wp-config file
define('FORCE_SSL', false);
define('FORCE_SSL_ADMIN', false);
In addition to some of the other answers here, one thing to check that isn't mentioned is is the use_ssl meta value in the usermeta table.
Regardless of anything else, if it's set to 1, then it will redirect to SSL.
This applies only if you're already signed in, so could explain a discrepancy between main browser window and incognito/private.
Check the auth_redirect function for other causes of redirect.
I am setting up a WordPress site in a subdomain. The subdomain will be in a subdirectory of the main directory.
So http://dl.abc.com will be in the folder /public_html/dl/
Within there is going to be the wp-admin folder when WordPress is installed:
/public_html/dl/wp-admin/
That wp-admin folder we wanted to block anyone trying to access it (or any files/subdirectories contained within) except those users from Australia and Singapore.
Is this the correct way to go about it? (I suspect a caveat is any plugins that make ajax requests by calling admin-ajax.php won't work properly?)
<ifModule mod_geoip.c>
GeoIPEnable On
# Put countries to allow here
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE SG AllowCountry
Deny from all
Allow from env=AllowCountry
</ifModule>
Second question is how can we go about doing the same thing with the wp-login.php file that will be installed within the /public_html/dl/ folder?
Will this work if we put it in the .htaccess file within the /public_html/dl/ directory? Or is there a better way?
<Files "wp-login.php">
<ifModule mod_geoip.c>
GeoIPEnable On
# Put countries to allow here
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE SG AllowCountry
Deny from all
Allow from env=AllowCountry
</ifModule>
</Files>
?
And lastly, I'd like to have a bit of additional "security through obscurity" in that for both examples above I'd rather return the "404 not found" error instead of the denied error.
What's the best way to do that?
Unfortunately we don't have any sort of dev/test server to try things out with first, so want to get this as close to perfect as possible the first time through.
Thank you.
_
htaccess - deny directory based on geolocation
check this url :https://mediatemple.net/community/products/dv/204643270/using-htaccess-rewrite-rules
To answer your second question, according to this page:
https://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess/
you can surround other directives with the <Files></Files> or <FilesMatch></FilesMatch> directive:
"The directive limits the scope of the enclosed directives by
filename. It should be matched with a directive. The
directives given within this section will be applied to any object
with a basename (last component of filename) matching the specified
filename. sections are processed in the order they appear in
the configuration file, after the sections and .htaccess
files are read, but before sections. Note that can
be nested inside sections to restrict the portion of the
filesystem they apply to."
So essentially it seems that what you have stated already should work.
Which version of the application are you using?:
WordPress 4.8.2
Please choose how you got the application: Installer (Windows, Linux, macOS), cloud image (AWS, GCE, Azure, ...) or VM (VMDK, VBOX):
google cloud
Have you installed any plugin or modified any configuration file?:
wp super cache
Describe here your question/suggestion/issue (expected and actual results):
CDN can not hit my resource on edge server because of the vary header setting.
how to disable the vary:cookie?
You can unset the header in the /installdir/wordpress/conf/httpd-app.conf
file by adding the following:
<IfModule mod_headers.c>
Header unset Vary
</IfModule>
Hope it helps,
Michiel D'Hont
You could add it in the following way:
<IfModule mod_headers.c>
Header unset Vary
Header append Vary: Accept-Encoding
</IfModule>