magento2.4 – Magento 2.4 move to /pub/ folder, redirects in .htaccess now prepend /pub/. Where are rewrite rules supposed to go now?

So, I have a rewrite rule that is supposed to redirect an old URL to a new one:

RewriteRule ^(.*)/-/manufacturers/(.*)$ $1/manufacturers–$2 (R=301,NC)

This is located in the .htaccess for the domain (though I’ve tested it in the /pub/.htaccess as well with no luck). However, when this rule is present in the .htaccess file, the URL doesn’t become domain.com/category/manufacturers–name.html. Instead, it becomes domain.com/pub/category/manufacturers–name.html. Furthermore, all URLs, including those not containing manufacturers, suddenly gets /pub/ prepended.

Where am I supposed to set up rewrite rules if not in the domain’s root .htaccess?

htaccess – Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021

Check to see if a person is logged in:

<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_FILENAME} (.*)
    RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_((a-zA-Z0-9_)*) (NC)
    RewriteRule .* - (F,L)
</IfModule>

The same applies as it did 10 years ago. This code in .htaccess doesn’t have anything to do with how WordPress might be setting cookies. And this does not “check to see if a person is logged in”. It simply checks that a string that matches the regex wordpress_logged_in_((a-zA-Z0-9_)*) does not appear anywhere in the Cookie header. The “problem” here is that anyone can create a request that passes a value in the Cookie header that passes your test. Since it is well known that WP sets such a cookie then it is not difficult to guess.

The only way to check that the request is “logged in” to WordPress is to use PHP.


Aside: The first RewriteCond directive that checks against REQUEST_FILENAME is superfluous since it simply checks against anything. The NC flag on the second condition should not be used in such checks, since you are now unnecessarily increasing the range of strings that would pass the test (eg. wOrDpReSs_LoGgEd_In_ would pass). Consequently, including A-Z in the hash portion is unnecessarily – the hash is always lowercase (and always 32 chars long AFAIK). The L flag is not required when used with the F flag (it is implied) and the regex .* will block all requests if that cookie does not exist, not just access to the WordPress uploads folder. You should also avoid using the <IfModule mod_rewrite.c> wrapper for anything security related, since a “failure” in your server config (ie. mod_rewrite being erroneously disabled) would allow unrestricted access, instead of breaking with an error (which would be preferable).

So, the above should be written like this:

RewriteCond %{HTTP_COOKIE} !(?:^|;s)wordpress_logged_in_(a-z0-9_){32}=
RewriteRule ^wp-content/uploads/ - (F)

The regex (?:^|;s)wordpress_logged_in_(a-z0-9_){32}= specifically checks for that cookie name (more specific), rather than a string that occurs anywhere in the Cookie header (too general).

(Although, to clarify, this is really no more “secure” than the original code snippet.)

linux – How to create a Wildcard 301 redirect using .htaccess

I want to create a rule using using .htaccess file, to redirect some links that changed because a removed a mod in my phpbb forums, beacuse that mod was not working anymore with an update en phpbb

My urls needs to go from this, to this, just like this examples:

example-title-vt4713.html TO THIS: viewtopic.php?t=4713
another-example-vt7795.html TO THIS: viewtopic.php?t=7795
just-anothet-example-vt9415.html TO THIS: viewtopic.php?t=9415

Any idea?

Thank you

linux – lighttpd security without htaccess

I have a webserver with limited resources and therefore I decided to use lighttpd as my webserver software. However, I notices now that it does not recognizes apache .htaccess files.
Most of the software I use and opensource scrips have plenty of .htaccess files in several directories. So I am nervous that I might unintentionally open security holes.

So my question would be, do I create myself issues on using lighttpd that does not use htaccess. Are there security issues I am facing when using standard open source software that is optimized for htaccess files?

I try to assess if it is better to go back to Apache 2.4. I only used lighttpd because I thought it would be less heavy on my limited resources.

Thank you for the advice on this

Best wishes,
Thomas

.htaccess – Como forzar https con htaccess

Estimados estoy intentando forzar el certificado SSL con https, pero estoy teniendo inconvenientes

Si en mi navegador escribo http://ecuservicechile.cl o ecuservicechile.cl si soy redireccionado a https://ecuservicechile.cl/, pero si escribo www.ecuservicechile.cl soy redireccionado a https://www.ecuservicechile.cl/ con lo cual tengo problema con los estilos y con los demás elementos como imágenes o iconos.

Como puedo forzar correctamente el https para que funcione en los 3 casos, estoy usando las siguientes reglas en htaccess

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://ecuservicechile.cl/$1 (R=301,L,NE)
Header always set Content-Security-Policy "upgrade-insecure-requests;"

htaccess – What solutions are out there to have live refresh actually working with Xampp?

I’m using Xampp portable and whatever I try, I can’t get live refresh to work, tried with Brackets experimental preview, tried with VS Studio Liver Server 5.1 extension, tried with Atom.

I took half a day trying to get this going…with hard refresh, auto refresh extensions etc…I’ve pasted code from various posts in .htaccess

I takes a full minute to see the changes when I work on the site, and the auto refresh Google chrome extension is set at 1 second interval. Tried Firefox, tried Canary also. Got into about:config, and turned off all possible cachin settings.

I can’t work like this! If I need to wait a full minute per change for testing, makes no sense.

What solutions would work to develop with Xampp and wordpress and see your changes when you refresh the page?

installing – How do I avoid overwriting the .htaccess file when I use the Compose command?

On my new Drupal 9 website, I customized the .htaccess file and the robots.txt file

I don’t want its files to be overwritten when updating with Composer.

I added the lines below in my composer.json file but the .htassess file is overwritten every time. What’s wrong with my code ? Thank you

"extra": {
    "drupal-scaffold": {
        "locations": {
            "web-root": "./"
        },
        "file-mapping": {
            "[web-root]/.htaccess": false,
            "[web-root]/robots.txt": false
        }
    },
...

.htaccess subdomain redirect www to non-www

I searched a lot and tried previous answered questions but could not fix my problem. Imagine I have a subdomain named a.test.com I have the following .httaccess in its folder

DirectoryIndex disabled
RewriteEngine On

RewriteRule ^$ http://127.0.0.1:9000/ (P,L)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://127.0.0.1:9000/$1 (P,L)

This file is working and is redirecting all the requests from a.test.com to the localhost:9000 and everything is fine. But the problem is with www.a.test.com which does not work. I tried the following commands


RewriteCond %{HTTP_HOST} ^www. (NC)
RewriteRule ^ http://%1%{REQUEST_URI} (L,NE,R=301)

and

RewriteCond %{HTTP_HOST} ^www.a.test.com (NC)
RewriteRule ^(.*)$ http://a.test.com/$1 (L,R=301)

but none of them woks. I cannot debug the problem on the server to find out why those redirect rules does not work. I appreciate it if you help me with this issue.
thanks

htaccess – Rewriting subfolders to specific parent folder in WordPress

I have created one page with name /parent/ and assigned new template template-parent.php that has some 3rd party software showing via JavaScript. I need to rewrite all subfolders to this parent so when someone tries to access

domain.com/parent/something

the url will remain the same, but he will be pointed to domain.com/parent/ so that loaded scripts could process the request.

The code should be something like this

RewriteRule ^(parent)/(.+)$ /$1/ (QSA,L)

but I am not sure where to put it, should I use .htaccess or put it in functions.php
If in htaccess, then will it be before, after or in the middle of wordpress code.