When looking at my web server's access & error logs I notice quite a few instances where attackers seem to be fishing for the existence of certain *.php files and I don't actually want to help them with a 404 status message! Rather I'd like to return some happy 200 status and some dummy content for whatever non existing *.php file some idiot hacker tries to call on my site.
Also I don't care to have my error log spammed with respective non-existing php access attempts, e.g.:
[Thu Apr 16 11:42:42.700317 2020] [proxy_fcgi:error] [pid 3318670] [client x.x.x.x:54236] AH01071: Got error 'Primary script unknown\n', i.e. I'd like to redirect before the server feels inclined to report that issue.
What I am looking for is some web server internal redirect for all non-existing *.php files that will respond as if there actually was a respective (dummy) file. My web server access is limited to Plesk and .htaccess so ideally I am looking for something that I can configure via .htaccess
Any suggestions?
seems that adding the below in .htaccess pretty much does what I am looking for by redirecting any non-existing *.php files to _404.php:
# use dummy file for all non-existing .php files
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} \.(php)$ [NC]
RewriteRule ^(.*)$ /_404.php [QSA,L]
</IfModule>
Related
i have a domain on ovh, and so i uploaded all the file via FTP,
but when i want to redirect www.example.com to https://www.example.com/file12345.html it creates a sort of loop which makes i end up on https://www.example.com/file12345.html/file12345.html/file12345.html/file12345.html/file12345.html/file12345.html/file12345.html etc.
I have tried both using the ovh redirection rules and adding an .htaccess file in the root folder with the following code :
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ https://www.example.com/file12345.html$1 [R=301,L]
The problem remains the same. Do you have any solution to that ?
I am working on a Rest Api for my application. This is my application structure
api
-config
-modules
--v1
---controllers
---models
-runtime
-tests
-web
backend
common
console
environments
frontend
I tried runing the following url http://192.168.1.4/~user/urshow/api/modules/v1/web/users
I got a Not found Error. I do have a controller named Users inside controllers folder.
My .htaccess file is like this (which is inside urshow/api/web)
RewriteEngine on
RewriteBase /~user/urshow/api/modules/v1/web/
# If a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Otherwise forward it to index.php
RewriteRule . index.php
I found the solution. I had made some mistakes. First my .htaccess file was incorrect.
i had this line before RewriteBase /~user/urshow/api/modules/web/
i changed it to RewriteBase /~user/urshow/api/web/
also the url which i was trying was also wrong http://192.168.1.4/~user/urshow/api/web/movies/details
correct url is http://192.168.1.4/~user/urshow/api/web/v1/movies/details.
You haven't added the rest of the url to the redirect. Try using this on your last line;
RewriteRule ^(.*)$ index.php$1
I've built a new site for our company, whom I recently started working for, and deployed it on a separate subdomain (http://site.mysite.com) to not interfere with some URLs that need to remain on the old subdomain.
The old HTML site (http://www.mysite.co/site) was, for some weird reason, placed inside the public/ folder of a Zend application, as public/site. We want to redirect this site, which used to be available on http://mysite.com/site folder, to our new site at http://site.mysite.com
I've edited the existing .htaccess file, inside the Zend public folder so it looks like such:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,NC,L]
# These four lines are my only alterations to this file...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/(apps|site).* [NC]
RewriteRule .* http://site.mysite.com/ [R=301,L]**
RewriteRule ^cart/selectaddress$ https://%{SERVER_NAME}/cart/selectaddress [R,L]
Redirect 301 /photobook-sa http://www.mysite.com/photobooksa/
Redirect 301 /photobook-SA http://www.mysite.com/photobooksa/
Redirect 301 /photobookSA http://www.mysite.com/photobooksa/
RewriteRule ^channel\.html channel\.php
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^.*$ - [NC,L]
php_value session.auto_start 0
RewriteRule ^.*$ index.php [NC,L]
Header append P3P "CP=\"HONK IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA\""
AddDefaultCharset UTF-8
The idea is to trap http://mysite.com/apps/, http://mysite.com/apps/whatever and http://mysite.com/site/ and redirect these all, unconditionally to http://site.mysite.com
The problem is, the redirection only works for /apps and apps/whatever, not for /site. So I discovered the public/site folder, which strangely hosts the company site as a HTML only site, within a Zend project folder structure.
Problem is, when I delete this folder, the whole mysite.com and www.mysite.com domain fails, but for example mysite.com/apps still manages to redirect to site.mysite.com
So I tried editing public/site/index.php to look as follows:
<?php
header('Location: http://site.mysite.com'); exit;
and it works, but only for a few requests, then I get a server error.
I also tried adding a .htaccess inside public/site/.htaccess with the following:
Redirect 301 http://site.mysite.com
which also, works initially, but then fails with a server error after a few requests?
I have no idea what's up, no clue as to why the virtual host is dependant on the public/site folder to work, which not even mentioned in the virtual host setups.
I grepped all the controllers in the Zend application/controllers folder to try and see if I can find anything that remotely mentions this /site folder, but no matches found.
I'm pulling the hair out of my scalp with this strange behaviour, can someone please help?
Also last point, this is an Amason AWS server, which I'm not entirely familiar with, could it be that this server has something funny going on, that's non-standard in terms of Apache configuration, DNS setup or something mysteriously automagic?
We've not been able to resolve this issue, and unable to figure out why our methods work only for a few minutes. I'm suspecting something weird happening with Amazon AWS.
The only way we could fix, was by adding an index.html inside the culprit /site folder, using a small JavaScript snippet to redirect the site from the client side.
I am running the Perl Dancer framework following the instructions written in Dancer::Deployment for running as a cgi-script. This allows me to display a default page for the '/' route, but I can't seem to do anything beyond that. For example, let's say that I want to request something like http://localhost/myroute and have that handled by the '/myroute' route handler. How would I pull this off?
I am using apache's mod_rewrite to direct my requests. Currently, if I try the above, I end up with a message like "The requested URL /cgi-bin/dancer.cgimyroute was not found on this server." Below is the contents of my .htaccess.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /cgi-bin/dancer.cgi$1 [QSA,L]
</IfModule>
I am running Apache 2.2 on Windows XP with Dancer 1.3030. I understand why I am getting the error message that I am getting. What I am looking for is some sample code for handling the "/myroute" route and perhaps some suggestions regarding any modifications that I should make to my .htaccess file.
The configuration needed a / after dancer.cgi:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /cgi-bin/dancer.cgi/$1 [QSA,L]
</IfModule>
Thanks to Quentin above.
I have a search form on the page and I use GET method to send data to the server, but when I type backslash and click search, I see a 404 error. It is for "\" in URL. How can I prevent it?
http://127.0.0.1:8080/SelfArea/wpzf/public/\
Apache server configuration htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
Windows 7, WAMP Server.
Few things to note:
Point 1. Your browser should convert backslash to frontslash. Many browsers have "updated stuff" example: you cannot run direct javascript from address bar anymore in Chrome. However, a good programmer will always imagine a user to be more dumb than monkey, so your question makes perfect sense!
Point 2. If you are accepting parameters then, you might want to strip slashes using:
Stripslashes Function
Point 3. This will not be an issue in Linux system because, windows and linux both have different filing structure. Trust me, it will be ok :)
EDIT:
PS: You might want to test it on linux machine by putting it on "free hosting services"! that is , if you do not have a server already.
There are 2 step to load the page when routing error occurred in laravel :-
Add index.php in url the localhost/project_name/index.php/page_name
Edit apache2.conf from etc/apache2 Do following :-
<Directory /usr/share>
`AllowOverride All`
`Require all granted`
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>`
It will work fine handle all routing error.