In most of these files, there are no important rules except
Order deny,allow
Deny from all
And these two directives are not read by OpenLiteSpeed, as OpenLiteSpeed has its own mechanism to deny access.
But if there are any important rules in sub-directories contexts are your best chance. If I take an example of WordPress installation in sub-directory such as “cyberpanel”
Coming back to Prestashop, important rules are already in doc root of PrestaShop installation, but if PrestaShop is in sub-directory you can use contexts.
But if you think there is any important .htaccess file in sub-directory with PrestaShop, you can surely use contexts.
The file /translations/.htaccess has the following rules:
`Order deny,allow
Deny from all`
```
My Context in the vHost Conf would be:
`context /translations/ {
location /translations
allowBrowse 0
addDefaultCharset off
}`
```
The file /translations/cldr/.htaccess has the following rules:
`Order deny,allow
Allow from all `
```
My Context in the vHost Conf would be:
`context /translations/cldr/ {
location /translations/cldr/
allowBrowse 1
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
} `
```
I someone would not be able to access the translation folder in the browser but they could access the translations/cldr folder. After applying this context, when trying to access domain/translations, I am hit with a 403 error. Before, it was clearly a 404 error. Is this set up correct?
The file /themes/.htaccess has the following rules:
`
Deny from all
`
```
The issue is OpenLiteSpeed does not recognize FilesMatch. I believe I have to use a Perl regular expression in the Static Context for the URI. Would the context look like the one below:
The file /vendor/mrclay/minify/min/.htaccess has the following rules:
`
RewriteEngine on
# You may need RewriteBase on some servers
#RewriteBase /min
# rewrite URLs like "/min/f=..." to "/min/?f=..."
RewriteRule ^([bfg]=.*) index.php?$1 [L,NE]
# In case AddOutputFilterByType has been added
SetEnv no-gzip
`
```
Woudl it be better to create a static context with the information or put the information in the main .htaccess file?
Example static context:
The file /translations/.htaccess has the following rules:
`Order deny,allow
Deny from all`
```
My Context in the vHost Conf would be:
`context /translations/ {
location /translations
allowBrowse 0
addDefaultCharset off
}`
```
The file /translations/cldr/.htaccess has the following rules:
`Order deny,allow
Allow from all `
```
My Context in the vHost Conf would be:
`context /translations/cldr/ {
location /translations/cldr/
allowBrowse 1
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
} `
```
I someone would not be able to access the translation folder in the browser but they could access the translations/cldr folder. After applying this context, when trying to access domain/translations, I am hit with a 403 error. Before, it was clearly a 404 error. Is this set up correct?
If it says 403 then it is correctly setup as this is what you wanted (According to the rule in .htaccess)
Or something is not working as expected on your end?
The file /vendor/mrclay/minify/min/.htaccess has the following rules:
`
RewriteEngine on
# You may need RewriteBase on some servers
#RewriteBase /min
# rewrite URLs like "/min/f=..." to "/min/?f=..."
RewriteRule ^([bfg]=.*) index.php?$1 [L,NE]
# In case AddOutputFilterByType has been added
SetEnv no-gzip
`
```
Woudl it be better to create a static context with the information or put the information in the main .htaccess file?
Example static context:
For such things, if you can easily convert your rewrite rules then use the doc root .htaccess file, will make things less complex later.
Otherwise, you will have to go into different files later and create many other contexts.
The file /vendor/mrclay/minify/min/.htaccess has the following rules:
`
RewriteEngine on
# You may need RewriteBase on some servers
#RewriteBase /min
# rewrite URLs like "/min/f=..." to "/min/?f=..."
RewriteRule ^([bfg]=.*) index.php?$1 [L,NE]
# In case AddOutputFilterByType has been added
SetEnv no-gzip
`
```
Woudl it be better to create a static context with the information or put the information in the main .htaccess file?
Example static context:
For such things, if you can easily convert your rewrite rules then use the doc root .htaccess file, will make things less complex later.
Otherwise, you will have to go into different files later and create many other contexts.
What do you mean by I would have to go into other files later and create many other contexts? Please give me an example.
This is the original /.htaccess file from PrestaShop:
`# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums
SetEnv HTTP_MOD_REWRITE On
RewriteEngine on
#Domain: example.com
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]
RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]
AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/font-woff .woff
AddType font/woff2 .woff2
Header set Access-Control-Allow-Origin "*"
#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404
# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again`
```
Please verify if I am on the right path based on the guide you posted:
`RewriteEngine ON
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^/api$ api/ [L]
RewriteRule ^/api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]
RewriteRule ^/images_ie/?([^/]+)\\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]`
```
Some of the parameters in the original .htaccess file give errors. What do I do with the following parameters in the .httaccess file?
Conversion is on point, please note that on v.1.6.4 (Current stable version) you have to modify your rules.
From v1.7 ( 1.7 is in RC ) onwards this conversion is not needed.
For the rest of directives that you have mentioned they are ignored by OpenLiteSpeed, but they will not cause the server to stop and they will be ignored.
You will need to use OpenLiteSpeed to set extra headers using contexts and regular expressions the same way you did earlier.
Here is an example of Drupal .htaccess. Does it look correct?
`RewriteEngine ON
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^/ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^/ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^/ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess because
# is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "/\\.|^\\.(?!well-known/)" - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/foo will be redirected to http://www.example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} .
# RewriteCond %{HTTP_HOST} !^www\\. [NC]
# RewriteRule ^/ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/foo will be redirected to http://example.com/foo)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\\.(.+)$ [NC]
# RewriteRule ^/ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Redirect common PHP files to their new locations.
RewriteCond %{REQUEST_URI} ^(.*)?/(install.php) [OR]
RewriteCond %{REQUEST_URI} ^(.*)?/(rebuild.php)
RewriteCond %{REQUEST_URI} !core
RewriteRule ^/ %1/core/%2 [L,QSA,R=301]
# Rewrite install.php during installation to see if mod_rewrite is working
RewriteRule ^/core/install.php core/install.php?rewrite=ok [QSA,L]
# Pass all requests not referring directly to files in the filesystem to
# index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^/ index.php [L]
# For security reasons, deny access to other PHP files on public sites.
# Note: The following URI conditions are not anchored at the start (^),
# because Drupal may be located in a subdirectory. To further improve
# security, you can replace '!/' with '!^/'.
# Allow access to PHP files in /core (like authorize.php or install.php):
RewriteCond %{REQUEST_URI} !/core/[^/]*\\.php$
# Allow access to test-specific PHP files:
RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
# Allow access to Statistics module's custom front controller.
# Copy and adapt this rule to directly execute PHP files in contributed or
# custom modules or to run another PHP application in the same directory.
RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
# Deny access to any other PHP files that do not match the rules above.
# Specifically, disallow autoload.php from being served directly.
RewriteRule "^/(.+/.*|autoload)\\.php($|/)" - [F]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\\.gz -s
RewriteRule ^/(.*)\\.css $1\\.css\\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\\.gz -s
RewriteRule ^/(.*)\\.js $1\\.js\\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \\.css\\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \\.js\\.gz$ - [T=text/javascript,E=no-gzip:1]`
```
`
php_value assert.active 0
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
# PHP 5.6 has deprecated $HTTP_RAW_POST_DATA and produces warnings if this is
# not set.
php_value always_populate_raw_post_data -1
`
```
Static Context
`
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
# Disable Proxy header, since it's an attack vector.
RequestHeader unset Proxy
`
```
Static Context
` extraHeaders <<<END_extraHeaders
X-Content-Type-Options: nosniff
HTTP_PROXY: " "
END_extraHeaders`
```
I currently do not understand how to set these parameters in OLS. Any assistance on them would be appreciated.
`# Protect files and directories from prying eyes.
Require all denied
Order allow,deny
# Requires mod_expires to be enabled.
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
# Set a fallback resource if mod_rewrite is not enabled. This allows Drupal to
# work without clean URLs. This requires Apache version >= 2.2.16. If Drupal is
# not accessed by the top level URL (i.e.: http://example.com/drupal/ instead of
# http://example.com/), the path to index.php will need to be adjusted.
FallbackResource /index.php
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
`
```
Conversion is on point, please note that on v.1.6.4 (Current stable version) you have to modify your rules.
From v1.7 ( 1.7 is in RC ) onwards this conversion is not needed.
For the rest of directives that you have mentioned they are ignored by OpenLiteSpeed, but they will not cause the server to stop and they will be ignored.
You will need to use OpenLiteSpeed to set extra headers using contexts and regular expressions the same way you did earlier.
`addMIMEType application/vnd.ms-fontobject eot, font/ttf ttf, font/otf otf, application/font-woff woff, font/woff2 woff2`
```
I see that headers can be set, the issue I am having is the headers can only be set for certain file types rather than all files in the directory. I do not know how to create file level rules. A Static Context refers to directory level rules, correct?
.htaccess
`
Header set Access-Control-Allow-Origin "*"
`
```
I am also not sure if this option is even necessary.
`#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404`
```
