Problem
If you disable a site language of a configured TYPO3 site a redirect is automatically done to the "default" language.
I have configured two languages in my scenario (shortened site config example):
base: 'https://www.alrightsantleit.com/'
languages:
-
title: English
enabled: true
languageId: '0'
base: /en/
typo3Language: default
-
title: Deutsch
enabled: false
base: /de/
typo3Language: de
locale: de_DE.utf8
fallbackType: strict
fallbacks: ''
languageId: '1'
Redirect Check
curl -I https://www.alrightsantleit.com/de fails and leads into error 503
curl -I https://www.alrightsantleit.com/de/ succeeds and lead to status 301 with correct redirect to https://www.alrightsantleit.com/en/
How to fix this problem?
From a technical perspective and the strict routing (since TYPO3 v9 and up) an additional redirect without trailing slash must be added manually.
But is this the right solution for such scenario?
Do I have to force trailing slashes in each request (e.g. by using composer package studiomitte/redirect2trailingslash) by hand?
Is this some missing "feature" of TYPO3 to respect also a configured base without a trailing slash?
Can it be completely ignored and do have internet people learn to add proper trailing slashes when typing urls or when editors of external sites links without trailing slash in their website?
How do you solve that in your project? And what's the correct way to make it error-proof?
A 503 and a 303 is wrong, we would need a 404 in each case. A "hidden" language is exactly like a hidden page = 404 does not exist.
We add two things to all our installations with TYPO3 v9 or higher:
In the site configuration we add the trailing slash:
routeEnhancers:
PageTypeSuffix:
type: PageType
default: /
index: ''
map:
/: 0
And with the .htaccess we enforce the trailing slash for every request:
RewriteRule ^([^\.]*[^/])$ https://%{HTTP_HOST}/$1/ [L,R=301]
With that our URLs always have the trailing slash.
Related
I'm upgrading from HAProxy 1.8 to 2.2 and the command reqirep has been deprecated and removed. I used this previously to automatically add Secure to cookies that weren't previously secure. I want to use the new http-response syntax.
My old code looks like this:
rspirep ^(set-cookie:\ (?:(?!(\ Secure|ASPXAUTH=)).)*)$ \1;\ Secure
This adds ; Secure to any cookie header that doesn't contain Secure or ASPXAUTH=.
I'd like to do the same thing with one of the modern http-response commands.
Here's my initial translation:
http-request replace-header Set-Cookie (.*) %[src];\ Secure if { hdr_reg(Set-Cookie) -i (?!(\ Secure|ASPXAUTH=)) }
# Replace the "Set-Cookie" header
# That contains any value
# With the initial value with "; Secure" appended to the end
# If the cookie doesn't contain " Secure" or "ASPXAUTH=", ignoring case
Is this the right approach? Have you done this successfully?
We ended up with this as a solution. It's not perfect because it will only look for Secure modifier on the end of the Set-Cookie line but it works for what we need.
http-response replace-header Set-Cookie ^((?:.(?!\ [Ss]ecure))*)$ \1;\ Secure
I tried to use:
Behavoir >> URL Alias - "team"
and receive:
http://remax-prestige.pl/typo3-95/index.php?id=team
team is ok, but how I can receive the link without index.php?id=
You need to add a site in the Site Management module. When having a domain and path prefix, TYPO3 can make nice URLs.
You need to add TrailingSlash Settings in your Site Management config.yaml
routeEnhancers:
PageTypeSuffix:
type: PageType
default: '/'
suffix: '/'
index: ''
map:
'/': 0
'sitemap.xml': 1533906435
This works for me.
I am using TYPO3 v9.5 LTS.
The following languages are defined:
0 = en
1 = de
Site Config General:
[base] = /
Site Config Language 0 (EN):
[base] = /en/
Site Config Language 1 (DE):
[base] = /de/
Now when you access the domain without any URL segment for the language, the user gets always redirected to the default language (en) instead if the proper browser language of the user (de).
Am I missing any configuration parameter in order to get a proper language redirect?
Or do I need make any configuration in TypoScript?
Thanks in advance :)
Redirection by user language does not exist in TYPO3 itself, you will need to implement this yourself.
Here is a basic example for an Apache .htaccess:
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} ^$
RewriteCond %{HTTP:Accept-Language} ^(de|en)
RewriteRule ^ https://%{HTTP_HOST}/%1/ [R=301,L,QSA]
This redirects all basic URLs depending on the browser language. So https://example.org/ will be redirected either to https://example.org/de/ or https://example.org/en/ or kept unchanged if a different language than German or English is preferred. URLs which already have a path (and thus a language segment) won't be redirected as are URLs which have a query string, thus things like https://example.org/?eID=... are not redirected.
TYPO3 v9.5.0 - Error message: Requested page does not exist /robots.txt
I have a TYPO3 9.5.0LTS and use the bootstrap package theme. It seems to be all working ... but quite often I get such error messages:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1518472189: The requested page does not exist | TYPO3\CMS\Core\Error\Http\PageNotFoundException thrown in file /is/www/typo3_src-9.5.0/typo3/sysext/frontend/Classes/Controller/ErrorController.php in line 82. Requested URL: domain/robots.txt
What causes this and how to prevent this? Or how do I create a robots.txt in v.9.5 ?
In TYPO3 9.5 you can add a robots.txt in your Sites module.
Sites -> Choose your site -> Static Routes -> Create new.
Static Route Name: select "robots.txt"
Route Type: select "Static Text"
Static Text: Select "robots.txt Example Content"
Save. Should be fixed now.
This will work for all TYPO3 versions. For TYPO3 V9.x use the solution by Thomas Löffler.
Your server configuration (apache? .htaccess?) will hand over any request to a source that is no file and no directory and no symbolic link to the index.php file which is TYPO3.
In your case, you do not have a file robots.txt. So TYPO3 wants to handle it, but has no resource with that name. This creates a 404 error in TYPO3.
To prevent this, jst create the robots.txt file on your webserver in the DOCUMENT_ROOT folder
So what is a robots.txt file anyway.
This is a method to tell search engines how to behave on your server. It contains recomendations to the search engines' crawlers, when to stop crawling (like typo3_src folder). It is requested by the crawlers automatically and regularly.
I want to disable this rule:
[file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:customize_changeset_uuid: a507417f-75f3-434e-ac8c-90b21b3b164d"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
For the directory
/var/www/romanpastu/wp-admin
Where should the exception go? In my .htaccess? or the vhost file?
Cause nothing seems to be working.
I'm using apache2
I've tried adding the following in my virtualhost file. However, its still not working
<LocationMatch "/wp-admin/update.php">
<IfModule security2_module>
SecRuleRemoveById 981173
</IfModule>
</LocationMatch>
<LocationMatch "/wp-admin/customize.php">
<IfModule security2_module>
SecRuleRemoveById 981173
</IfModule>
</LocationMatch>
It should be added after the rule is defined in your config. So if you are defining your vhost (including removing above rule) and then load your ModSecurity rules later on in your config then that will not work - it needs to be the other way around.
Also, unless ModSecurity was compiled with the --enable-htaccess-config setting (which is not by default), then you cannot alter ModSecurity rules in htaccess files.
Additionally putting rules within LocationMatch can cause issues. And also wp-admin is exactly the sort of page you want to use ModSecuritg to protect against so carefully consider if you really want to turn off these rules. Please see also my answer to this question for some more information: Apache LocationMatch wildcard for ModSecurity on wordpress site.
So I would suggest using the following instead to only turn this rule off for this argument that's causing you issues:
SecRuleUpdateTargetById 981173 !ARGS:'customize_changeset_uuid'
Note you may need to add similar exceptions if any other arguments cause problems.