Currently I'm looking at a slight change in a configuration file for the Apache Webserver. I'm currently doing this on a development system before applying it to this actual site.
One of the main reasons for this is actually down to the lapse examples and documentation on how to utilise <IF><IFELSE><ELSE> additions to Apache. This means I'm having to mess with the settings to see what works and what causes 500 Server Errors. As I go though I thought I would post what I've worked out and how slowly things can be shifted from using mod_Rewrite, as it might be helpful to other webmasters. (I apologise to all that think this is all "Gobbledygook")
A simple example:
Redirect example.com to www.example.com if the file or directory exists
This might not seem much, however previously my lapse rewrites were actually causing redirects even when a file or directory doesn't exist, that isn't really necessary (in fact it increases is the amount of resources used by the server, albeit marginally)
With the above IF statement, the 404 ErrorDocument will handle any requests that don't match the criteria (unless otherwise specified in other IF statements)
If you intend to use it with HTTPS, then it makes sense to follow it up with:
Just make sure that both redirects begin Https:// (The first example doesn't have an s in )
It just tests to see if the page was accessed using http and if the file that's attempting to be accessed exists. (It will default to a 404 on failure which again doesn't use redirects) This method should be compatible with sites using cloudflare that doesn't even have SSL certs themselves.
Restricting Request methods to only GET, POST and HEAD
This took me a little while to workout since I was trying to do it in a more concise manner involving checking the request method against an array (to shorten the conditional)
Other Request methods can be used by some servers/services, however I try to tighten it where possible.
An addition that isn't an IF Statement might be capable of being used to take it further:
I'll try to add some more as I work out the correct conditionals.
edit:
Limitexcept is like limit, however you put what you want to use and everything else has what's between the tags applied. Notice this is using Require all denied as opposed to Deny from All (since that is now depreciated)
One of the main reasons for this is actually down to the lapse examples and documentation on how to utilise <IF><IFELSE><ELSE> additions to Apache. This means I'm having to mess with the settings to see what works and what causes 500 Server Errors. As I go though I thought I would post what I've worked out and how slowly things can be shifted from using mod_Rewrite, as it might be helpful to other webmasters. (I apologise to all that think this is all "Gobbledygook")
A simple example:
Redirect example.com to www.example.com if the file or directory exists
Code:
<If "(-f %{REQUEST_FILENAME} || -d %{REQUEST_FILENAME}) && (%{HTTP_HOST} == 'example.com')">
Redirect permanent "/" "Http://www.example.com/"
</If>
This might not seem much, however previously my lapse rewrites were actually causing redirects even when a file or directory doesn't exist, that isn't really necessary (in fact it increases is the amount of resources used by the server, albeit marginally)
With the above IF statement, the 404 ErrorDocument will handle any requests that don't match the criteria (unless otherwise specified in other IF statements)
If you intend to use it with HTTPS, then it makes sense to follow it up with:
Code:
#Elseif the attempted request uses HTTP (and exists) redirect to HTTPS
<ElseIf "%{REQUEST_SCHEME} =='http' && (-f %{REQUEST_FILENAME} || -d %{REQUEST_FILENAME})">
Redirect permanent "/" "Https://www.example.com/"
</ElseIf>
Just make sure that both redirects begin Https:// (The first example doesn't have an s in )
It just tests to see if the page was accessed using http and if the file that's attempting to be accessed exists. (It will default to a 404 on failure which again doesn't use redirects) This method should be compatible with sites using cloudflare that doesn't even have SSL certs themselves.
Restricting Request methods to only GET, POST and HEAD
Code:
<If "(%{REQUEST_METHOD} != 'GET') || (%{REQUEST_METHOD} != 'POST') || (%{REQUEST_METHOD} != 'HEAD')">
Redirect 405 -
</If>
This took me a little while to workout since I was trying to do it in a more concise manner involving checking the request method against an array (to shorten the conditional)
Other Request methods can be used by some servers/services, however I try to tighten it where possible.
An addition that isn't an IF Statement might be capable of being used to take it further:
Code:
<LIMIT PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Deny from All
</LIMIT>
I'll try to add some more as I work out the correct conditionals.
edit:
Code:
<LIMITEXCEPT GET POST HEAD>
Require all denied
</LIMITEXCEPT>