All geek questions in one place

Exclude specific subdomain or subdomain in htaccess RewriteRule

I save dynamic content and static content in different subdomains for my web application, but I recently found out that if directly called dynamic content can be viewed on my static subdomain (www.) Or not at all.

URL structure:

http(s)://(subdomain).(domain).(tld)/(static page) OR (direct/random hash) OR (secure/random hash)

All static content is accessible via "WWW", which leads to my SEO friendly domains, such as

 http(s)://www.domain1.com/about http(s)://www.domain1.com/ http(s)://www.domain2.com/about http(s)://www.domain2.com/

While dynamic content viewed through a web application will be accessible from a domain such as

 http(s)://dynamic1.domain1.com/direct/randomhash http(s)://dynamic2.domain1.com/direct/randomhash http(s)://dynamic1.domain2.com/direct/randomhash http(s)://dynamic2.domain2.com/direct/randomhash

This is my current .htaccess file

Rules for rewriting dynamic links, where the URI starts with secure or direct , as well as any file extensions in the index.php file.

 Header set Connection keep-alive <IfModule mod_dir.c> DirectorySlash Off </IfModule> <IfModule mod_rewrite.c> RewriteEngine On RewriteRule ^index.php - [L] RewriteRule ^(secure|direct) /index.php [L] RewriteCond %{REQUEST_URI} !^/server-status RewriteCond %{REQUEST_URI} !^/public/cache RewriteRule !\.(png|gif|css|jpg|zip|js|html|htm|swf|ico|fon|ttf|otf|svg|woff|woff2|eot)$ /index.php [L] </IfModule>

This currently works, but my problem is that if the user simply changes the subdomain from the one used for dynamic content for the WWW, it will still work and will cause the dynamic content to be accessible from my fake SEO subdomain .

I hope that I can edit this RewriteRule ^(secure|direct) /index.php [L] rule so that it is excluded if there is an active www. domain www. or not a subdomain together, still working if the domain or subdomain is something else.

That is, the subdomain or domain will still be wildcards if the subdomain is www.

I assume that I need to add %{HTTP_HOST} to RewriteRule ^(secure|direct) /index.php [L] and use a regex to resolve any additional domain, domain and tld, but I'm not sure how to exclude if An HTTP host starts with www. or not a subdomain at all.

My ultimate goal is that the secure and direct paths cannot be viewed using www. or without a subdomain when working with any other subdomain / domain.

+5
source share
2 answers

You can use:

 RewriteCond %{HTTP_HOST} ^(?:www\.)?[^.]+\.[^.]+$ [NC] RewriteRule ^(secure|direct) /index.php [L]
+6
source

You must add a condition to the rule that handles β€œsafe” and β€œdirect” requests, so that they should only come from subdomains that you map, not www.

 RewriteCond %{HTTP_HOST} ^dynamic[0-9]+\.[az]+ RewriteRule ^(secure|direct) /index.php [L]

Thus, only requests that have subdomains matching this rule will be rewritten in a PHP script. If the user changes the subdomain back to www or to something else that does not match the template specified in the condition, then the request will not find its path to the PHP script.

If your names for dynamic subdomains are really random, just use something else that you know about them, so that "www" does not match, for example, if they have at least four characters, then this template will work:

 RewriteCond %{HTTP_HOST} ^[^.][^.][^.][^.]+\. RewriteRule ^(secure|direct) /index.php [L]

because the string is 'www.' does not match a pattern starting with four or more non-dots, and then a dot.

+3
source

Source: https://habr.com/ru/post/1273699/

More articles:


All Articles