Use RewriteRule conditionally based on wp.com is making the request - wordpress

I am using the following to prevent unauthorized access to files. (This is an .htaccess question, but may also require familiarity with WP Jetpack)
RewriteRule ^wp-content/uploads/archive/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]
It redirects request for files through a module that checks to see if the requestor has access.
The problem is that a specific requestor, Wordpress Jetpack is locked out and I want to let them in to generate thumbnail images.
If you are familiar with Wordpress Jetpack, you know it generates image thumbnails such as http://i0.wp.com/www.example.com/wp-content/uploads/archive/2015/10/SH3_2173.jpg
To solve this, I assume I need two pieces of information:
How to identify when Jetpack is the one making the request (perhaps it is identified as coming from the wp.com domain?)
How to exclude a specific entity (e.g. wp.com) from the above RewriteRule
Part 1 is really a WP Jetpack question, and part 2 is an .htaccess question; so not sure the best place to post this, but I felt keeping them together would be helpful for context.

I solved it with this:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} !Photon.+ [NC]
RewriteRule ^wp-content/uploads/(.*)$ /wp-content/plugins/paid-memberships-pro/services/getfile.php [L]

Related

htaccess make urls respond from /index.json as well as /

I have a Wordpress site that responds with JSON to every request, i.e. the following pages:
/
/about
/about/team
All respond with json. The htaccess file looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I'd like to keep what I have now, but also respond with the same data when index.json is added to the url:
/index.json
/about/index.json
/about/team/index.json
How can I update my htaccess to also respond to these urls in the same way?
Based on what #MrWhite said in comments (gonna quote here, because comments might get removed later),
However, the "problem" here is WordPress. WP routes URLs based on the REQUEST_URI, which does not change during a URL rewrite. So you really need to implement this within WordPress itself.
you could probably just “reset” the value of $_SERVER['REQUEST_URI'] in PHP, if it ends with /index.json. (Relatively easy string manipulation / regex job.)
The remaining problem would just be to figure out a “correct” way to do this – I guess trying to do this via any hooks from inside the theme’s functions.php or a plugin, might be too late. You can give that a try anyway, if you like - the order of hooks as described here is what I would go by, https://wordpress.stackexchange.com/a/162869
The init hook is pretty far down, even after the current user was determined, etc. – but maybe plugins_loaded or setup_theme might be suitable for stuff like this.
If that doesn’t work, still some possible alternatives:
If you can influence the PHP configuration, auto_prepend_file would allow you to specify a script that gets automatically run before anything else PHP does - so you could fix the value before the index.php code even executes.
You could write your own little “wrapper” file, say index2.php, that fixes the value, and then simply includes the original index.php afterwards. Only problem with that - you probably wouldn’t want to change the default WP rewriting between the BEGIN and END WORDPRESS comments in the .htaccess, because WP will overwrite that part, when you flush your permalink settings. But an additional internal rewrite of index.php to index2.php after, could probably solve that.
If mod_proxy is available, you could proxy the request internally. Probably not the best in terms of performance, but at least an alternative to an external rewrite, if you wanted to avoid that at all cost.

url masking via htaccess rewrite is not working

Not sure if this is the right section of Stackoverflow to ask my question...
But here it is:
So I am using the below on the .htaccess file:
RewriteEngine On
RewriteRule ^sale?$ /discount-page/
So that when people visit example.com/sale page, they see content from example.com/discount-page/
But when I visit example.com/sale it shows 404 error saying that the URL /discount-page is not available on this server...
Why is it happening?
Here's how my entire .htaccess file looks like:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Can anyone help please?
When using WordPress, you can't simply rewrite the URL in .htaccess to the %postname% (the real URL) since WP still looks at the REQUEST_URI in order to route the URL. Even though you are rewriting /sale to /discount-page/ (the actual URL), WordPress sees /sale (the requested URL) - which doesn't exist inside WP; hence the 404.
Although not your intention, you could change this to an external redirect to get around this problem (which also avoids a potential duplicate content issue). For example:
RewriteRule ^sale$ /discount-page/ [R,L]
(I removed the ? in ^sale?$, as that does look erroneous. Or do you really want to match /sale or /sal?)
Alternatively, you could try rewriting to the underlying "plain" permalink. ie. explicitly pass the %post_id%. This is different to rewriting to the %postname%, since WP shouldn't need to check the REQUEST_URI in order to route the URL. For example:
RewriteRule ^sale$ /index.php?p=123 [L]
Where 123 is the %post_id% of your discount-page. By rewriting directly to index.php, you are effectively bypassing WP's front-controller.
Note that this must go before the standard WordPress directives in .htaccess (aka the front-controller).
However, I still feel there should be a more WordPress-like way of doing this, which is why I initially suggested asking this question over on the WordPress Stack. However, if you do that, don't mention ".htaccess". What you are really creating is a URL alias or something like that. For example: Have two different URLs show the homepage

WordPress htaccess - redirect http to https

I was wondering if someone could help us out with this one.
We have a site that has lots of insecure links in various pages across the site. Some pages are also including images from http sources and not https.
An example page is here: https://mindfulpresenter.com/mindful-blog/the-10-most-important-things-in-presenting-today/ - on here you will see that there are some links to http pages and the page is sourcing an image from http.
I was hoping that all of these issues can be resolved by making changes to the htaccess file.
The current htaccess file looks like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Can the issues be resolved by making changes to the htaccess file? If so, what do I need to add to it?
Many thanks
James
It appears, that the links are in the content of your pages / posts which is stored in the database as text. I recommend doing a search & replace to achieve a "clean" state.
There are some plugins that parse the content and create those links dynamically but i don't think that is the most elegant solution.
There are a lot of plugins that may help you. I use SSL Insecure Content Fixer on my website and it works great.
You can, in fact, modify the contents of the page as it is being served, using mod_substitute: https://httpd.apache.org/docs/current/mod/mod_substitute.html
In particular, you'd do something like:
Substitute s/src="http:/src="https:/i
See the mod_substitute docs for further information and examples.
I found a 'Search and Replace' plugin for WordPress which searched the database and replaced all of the HTTP entries.

Modify friendly URLs generated by default in Wordpress (via .htaccess)

I have a website done in Wordpress and I need to make some changes in the fiendly URLs.
I’ve created a page from the admin panel named detail, this page reads the template file detail.php from the templates folder.
The URL that is currently mounted is http://www.domain.com/detail/1234/ and I need that it could be accessed as http://www.domain.com/anything/1234/.
The following lines have been generated by Wordpress but I don’t understand them and I don’t know how to modify them for my purpose:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
First you should really understand what those rules are doing and what you really want to achieve. Then you can try to change the system to fit your needs.
IfModule ensures everything inside is processed only when mod_rewrite Apache module is present. All the other directives are from this module.
RewriteEngine On enables URL rewriting.
RewriteBase / tells the engine that the rules operate inside root. See also the general question on how RewriteBase works.
RewriteRule ^index\.php$ - [L] means that no more rules should be processed ([L]) if the current URL to be rewritten is index.php. No rewrite takes place. RewriteRule directive accepts a regex. See also regex tag here on SO.
All RewriteCond directives apply to the following RewriteRule. Unless [OR] flag is added, they must be all satisfied at the same time to execute the rule. In this case they mean:
Requested resource is not a regular file.
Requested resource is not a directory.
Rewrite any (at least one character long) URL to index.php. This is the last ([L]) rule to be processed.
When adding new RewriteRules, you probably want to use the WordPress way of doing this, as described in Zac’s answer. Figuring out the right rule by analogy to the many examples in the manual or here on SO should not be hard.
Put into functions.php maybe a better idea:
functions.php
function setRewriteRule($orgRules){
return array( '/([^/]+)/([0-9]+)/?' => 'index.php?post=$matches[1]' ) + $orgRules;
}
add_filter('rewrite_rules_array', 'setRewriteRule');
Then you just need flush the rewrite rules, I usually use 'rewrite-rules-inspector' plugin.
This should solve your problem give it a try ... you can write your own custom permalink without adding any code also if someone tries to access the page via old URL they will be redirected to the new one.
WordPress Custom Permalinks
After installing this you just have to go into pages and type your own URL below the heading

htaccess mod rewrite rule to over-ride cakephp controller

I have a site running cakephp and also a wordpress site together in the same root directory. I have the following issue. Wordpress is served requests first such that a url for the homepage will be routed through wordpress' index. Now our cakephp code includes a list of controllers that manage some special features of our site. We have a rewrite rule that looks as followed RewriteCond %{REQUEST_URI} !^/users. This allows urls like www.example_site.com/users to hit our cakephp framework instead of generating a 404 error when wordpress cannot find this page.
This rule bypasses the wordpress routing so that the request can be sent to cakephp. We are using a similar rule for each of our cakephp controllers. The issue is that we used to have a wordpress plugin that had a users page. This users page appended arguments to the url as followed www.example_site.com/users/some_dudes_username. Some links to these user pages are still indexed by google or in peoples bookmarks, so what is happening is the rewrite rule we wrote causes these to bypass wordpress (instead of 404ing there like it used to) and instead they hit cakephp and 404 there. I am thinking through how to make it so that any of our cakephp user controller functions are correctly redirected to (there are only a few so white-listing seems like the way to go), but any other request to the user controller for actions that will not exist like www.example_site.com/users/some_dudes_username would redirect to our FAQ page. I have the following white-list code which seems to work, but I cannot figure out how to correctly redirect everything else:
RewriteCond %{REQUEST_URI} !^/admin/users
RewriteCond %{REQUEST_URI} !^/users/login
RewriteCond %{REQUEST_URI} !^/users/admin_login
RewriteCond %{REQUEST_URI} !^/users/logout
RewriteCond %{REQUEST_URI} !^/users/admin_logout
RewriteCond %{REQUEST_URI} !^/users/admin_index
# Then I need a rewrite rule to take everyone else to the FAQ page.
Thank you to anyone that can help.
I am not sure I totally understand your issue, but it sounds like you need a RewriteRule like this:
RewriteRule ^/users/.*$ /URI/to/faq.html [R]
This rule should be right after your RewriteCond since the conditions only apply to the rule right after them.
Hope this helps.

Resources