How to prevent access to WordPress blog by ip? - wordpress

I am having problems as some computer from an IP address is trying to access all the files on my server.
How should I change the .htaccess file so that IP address gets NO access at all to any files? And which .htaccess file do I change? It looks like I have one inside each folder.

The basic mod_access module should get you what you need
Order allow,deny
Allow from all
Deny from xxx.xxx.xxx.xxx
Something like that. I don't know the exact syntax. Keep in mind that depending on your exact version of Apache (1.3/2.0/2.2) the module requirements might be different. I think in 2.2 you need the authz_host module, but in 1.3 it's mod_access.

For simple cases, you can try http://wordpress.org/extend/plugins/wp-ban/, which can keep an IP or IP range from visiting your blog.
If that's not enough, you can modify .htaccess as follows:
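# Without an Order line the default is "Order Deny,Allow", where "Allow from ALL" overrides the Deny
Order Allow,Deny
Deny from xx.xx.xx.xx/xx
Allow from ALL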
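How Apache 2.2 resolves a client that matches both an Allow and a Deny line, as an added example that is not part of the original answers: a small Python model of the documented Order semantics, run against constructed configs that use documentation IP addresses. It models only IP, CIDR and `all` arguments (no hostnames, partial addresses or `env=`), and the function and constant names are illustrative.

```python
import ipaddress

def _matches(spec, client):
    """True if one 'Allow from' / 'Deny from' argument covers the client IP."""
    if spec.lower() == "all":
        return True
    # strict=False accepts a bare address or a CIDR range with host bits set
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def evaluate(config, client):
    """Model of Apache 2.2 Order/Allow/Deny for a single context.

    Returns True when the client would be let in, False for a 403.
    """
    order = "deny,allow"  # Apache's default when no Order line is present
    allow, deny = [], []
    for line in config.strip().splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()
        if keyword == "order":
            order = "".join(words[1:]).lower()
        elif keyword in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if keyword == "allow" else deny).extend(words[2:])
    allowed = any(_matches(s, client) for s in allow)
    denied = any(_matches(s, client) for s in deny)
    if order == "allow,deny":
        # Default deny; a matching Deny always beats a matching Allow.
        return allowed and not denied
    if order == "deny,allow":
        # Default allow; a matching Allow always beats a matching Deny.
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed inputs; 203.0.113.7 and 198.51.100.0/24 are documentation addresses.
BLOCKLIST = "Order allow,deny\nAllow from all\nDeny from 203.0.113.7"
NO_ORDER = "Deny from 203.0.113.7\nAllow from all"
LOGIN_ALLOWLIST = "order deny,allow\ndeny from all\nAllow from 198.51.100.0/24"

if __name__ == "__main__":
    for name, cfg in [("blocklist", BLOCKLIST), ("no Order line", NO_ORDER),
                      ("login allowlist", LOGIN_ALLOWLIST)]:
        for ip in ("203.0.113.7", "198.51.100.20"):
            print(f"{name:16} {ip:15} -> {'200' if evaluate(cfg, ip) else '403'}")
```

The position of the Allow and Deny lines in the file never changes the outcome; only the Order directive does.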

Another way, this time using mod_rewrite rules in a .htaccess file.
RewriteEngine on
# REMOTE_ADDR is the client's IP address; HTTP_HOST is the Host header of the request
RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
RewriteRule ^(.*)$ blocked.html [L,F]
[L,F] means 'stop executing further rules, and return 403 Forbidden as the HTTP status'. blocked.html could contain a message indicating that they've been blocked.

Related

Redirecting Dynamic URLs with Multiple IDs using .htaccess (Wordpress)

I've just moved my site onto Wordpress, which means the URL structure has now changed. I'd like to use a Rewrite Rule in the .htaccess file to redirect dynamic URLs with multiple IDs in one single statement, but am not having any success. An example is:
OLD URL: example.co.uk/seasons/season.php?ID=1819
NEW URL: example.co.uk/seasons/1819
The statements I have tried in .htaccess are:
RedirectMatch 301 ^/seasons/season.php?ID=(.*).htm$ example.co.uk/seasons/$1
and
RewriteCond %{QUERY_STRING} ^?ID=1$
RewriteRule ^/seasons/season.php$ example.co.uk/seasons/? [R=301,L]
In neither case does the redirect fire. Is there something about a Wordpress .htaccess file that I'm not considering, or is the error with the statements I'm attempting? I'm using .htaccess 301 redirects for http to https and non-www to www without issue.
This is the fixed version of the approach you chose, to make an external redirection:
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)ID=(\d+)(?:&|$)
RewriteRule ^/?seasons/season\.php$ https://example.co.uk/seasons/$1 [R=301,QSD]
Since both the old and new URLs use the same host name, you can simplify that:
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)ID=(\d+)(?:&|$)
RewriteRule ^/?seasons/season\.php$ /seasons/$1 [R=301,QSD]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
These rules will work likewise in the http server's host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that its interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http server's host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, are hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http server's host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Redirect Users from China (based on IP) to a specific URL

I have a wordpress site on an apache server on AWS. I would like to redirect a user to a specific url if the user's IP is coming from China. My questions are:
Where do I set up this redirect? Options that I am thinking of are: tweaking apache config files, or editing certain php files in the wordpress application, or installing some wordpress plugin.
How do I know if a user's IP is coming from China using code? I can look up an individual IP on the internet one by one to geo locate it, but how do I determine at runtime?
Thanks!
Please install IP2Location Apache Module
Update .htaccess file as follows:
RewriteEngine On
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^CN$
RewriteRule ^(.*)$ http://www.redirecturl.com [L]

.htaccess error, Expected </RequireAll>> but saw </RequireAll>

I am no expert on apache conf files, but I am reasonably familiar with them. A security plugin I have installed on one of my wordpress sites (https://ithemes.com/security/) makes edits to an .htaccess file in order to enforce automated IP bans (for example, if you have too many failed login attempts in a short period of time). Here is the block that it generated: (xxx added by me for the IP address)
<IfModule mod_authz_core.c>
<RequireAll>
Require all granted
Require not env DenyAccess
Require not ip xxx.xxx.xxx.xxx
</RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from env=DenyAccess
Deny from xxx.xxx.xxx.xxx
Allow from all
</IfModule>
Now, this causes the site to bomb out with a 500 error. The error I get in my log is
Expected </RequireAll>> but saw </RequireAll>
(Note the extra trailing >). And, lo and behold, if I add an extra >, the site works again.
What syntax rule is at play here? Why on earth do I need the extra > in a closing tag? Why would the (popular and generally respected) plugin be generating an invalid .htaccess? Since this looks so wrong to me I'm inclined to believe I have some obscure server setting or an outdated apache or something causing this. Any insight would be much appreciated.
Using Apache/2.0.46

Override All Wordpress htaccess on server

We've tried a few things that we found around Google for this, but can't seem to get anything to work.
The Problem
We have a server with around 500 Wordpress websites on it. We're trying to lock down all the wp-login.php pages for every instance to the IP address of our office using a global htaccess - but the individual Wordpress htaccess files are overriding this.
The Environment
We're hosted on an AWS Linux server running Plesk to manage each website / Wordpress instance.
The Question
Is there a way we can set one htaccess file on the server to lock down all of the Wordpress login pages without the individual htaccess files overriding this?
Any help or suggestions for a good way to do this would be appreciated.
Thanks in advance
I assume that you have read up on the RewriteOptions directive. As I explain in Tips for debugging .htaccess rewrite rules and as you have found with WP which generates its own .htaccess files, by default the current path is scanned for .htaccess and the rewrite rules in the lowest are applied unless a higher one specifies a RewriteOptions Inherit, in which case its rules are executed after rules specified in the child scope, and this is the catch-22 in that WP access file generates a [L] flag on all its execution paths preventing the parent rules from firing.
So the answer is to do this with an Apache mechanism other than rewrite and you can use the SetEnvIf directive:
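# SetEnvIf has no "!" negation for the pattern; a negative lookahead expresses "not from 192.168."
SetEnvIf Remote_Addr "^(?!192\.168\.)" forbidden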
<Files *>
Order allow,deny
Allow from all
Deny from env=forbidden
</Files>
or
# Negative lookahead: set "forbidden" for every client outside 192.168.
SetEnvIf Remote_Addr "^(?!192\.168\.)" forbidden
<Directory /var/www/wproot>
Order allow,deny
Allow from all
Deny from env=forbidden
</Directory>
Clearly you'll need to change the Regexp to your local needs but this should do the biz. The Apache docs give other variants on this, but you should be able to find one which works in your case. Just put this in a per-virtual server context -- within a Directory(Match) directive if necessary -- or in a common parent directory .htaccess file.
I ended up getting this to work with your first suggestion, but actually without the SetEnvIf line being required, so thanks very much! This was my .htaccess in the /var/www/vhosts folder for anyone else needing this:
<files wp-login.php>
order deny,allow
deny from all
Allow from xxx.xxx.xxx.xxx
</files>
Nice and simple and completely different from the previous routes I was trying to take for this.

Apache redirect to another server keeping browser address

I have a custom website based on apache/php. I also have a wordpress blog and I would like it to be hosted on a different server.
I have tried to create a subdomain like http://blog.mydomine.com but I would like to keep the old address (http://www.mydomine.com/corp/blog) for SEO purposes. I added the following configuration to my .htaccess file.
RewriteCond %{REQUEST_URI} ^/corp/blog
RewriteRule ^(.*)$ http://blog.mydomine.com/$1 [L]
I would like to know if I can tell apache not to change the browser address after redirecting the request. I know that I could do a 301 redirection but I would prefer to keep the old address.
Any ideas? Thanks in advance!! :)
Use the P flag
http://httpd.apache.org/docs/current/rewrite/flags.html#flag_p
RewriteRule ^(.*)$ http://blog.mydomine.com/$1 [P]
You could try a reverse proxy...
ProxyRequests Off
ProxyPreserveHost on
ProxyPass /corp/blog http://blog.mydomine.com/
ProxyPassReverse /corp/blog http://blog.mydomine.com/
ProxyPassReverseCookiePath /corp/blog /
This requires mod_proxy be installed and enabled.
Note that this will only work in the following contexts per the apache doc: server config, virtual host, directory - this means that putting it in a htaccess file won't work.
What you're wanting isn't really possible. It's not Apache that's displaying the address, it's the web browser, and there's no way (thankfully) to tell a web browser "go to site A, but tell the user it's site B."
You could fake this behavior using a frame page on your main site, but since you're wanting this for SEO I don't think that would help.
