SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,833
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)

    Mod_Rewrite Aliased Domains To Sub Directories

    I've searched Sitepoint for about an hour and elsewhere and think I may have an answer. I'm hoping dklynn can chime in about this (I also made this post for the benefit of others in the future).

    My goal:

    1) Host multiple websites on one hosting plan using aliased domains and mod_rewrite.
    2) Make sure no browsers can tell I'm hosting multiple domains on one account by browsing to a subdirectory of my main domain.

    Right now I have two domain names (will have more in the future). domain1.com is the main hosting account, domain2.com is the aliased domain. The aliased domain, domain2.com, points to the root of domain1.com so when someone types domain2.com (with and without the www) the actual file that is served is domain1.com/index.php. domain2.com and any requested files must go to its own files in a separate sub directory (folder).

    What I've got so far:

    Code:
    RewriteEngine On
    RewriteCond %{HTTP_HOST}  ^(www\.)?domain2.com$ [NC]
    RewriteCond %{REQUEST_URI} !^/dir2/.*$
    RewriteRule ^(.*)$  /dir2/$1 [L]
    Basically, anyone typing in domain2.com or (www) domain2.com into their browser will be directed to the /dir2 directory of the main hosting account. The default /dir2/index.php will load unless a specific file path is chosen (REQUEST_URI).

    That seems to work OK, but I need to make sure that it is correct (dklynn would know), I need to be able to add other domain names to be redirected to other folders, and I need to make sure no one browsing to domain1.com/dir2 can see the contents of the /dir2 folder. Anyone browsing to domain1.com/dir2 must be redirected to domain1.com/errorpage.php.

    I do not know how I would prevent anyone from accessing domain1.com/dir2. Do I need to put a separate htaccess file in /dir2 to check the HTTP_HOST and if it is domain1.com, redirect them to domain1.com/errorpage.php?

    I know dklynn would have an answer to this. Is my htaccess correct? How do I prevent people from finding my subdirectories that I don't want them to find? How easy would it be to add other aliased domains to be internally redirected this way?

    I also want to make sure these are internal redirects and the visitors browser isn't being redirected.

    Thanks.

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cd,

    Basically, I think you need to go back to your "pointer" for the secondary domains and merely point them to their own directory. That way, there's NO problem with files getting confused. BTW, that's the way that my domain and my clients' domains ARE setup.

    Okay, the code you have is fine for the way that you're doing it (EXCEPT, remember, that you MUST use absolute links throughout the dir2 OR rely on this redirection for EVERYTHING - i.e., more reason to use the subdirectory method for the secondary domains).
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_HOST}  ^(www\.)?domain2.com$ [NC]
    RewriteCond %{REQUEST_URI} !^/dir2/.*$
    # the Red is NOT required - only slows the redirection.
    RewriteRule ^/?(.*)$  /dir2/$1 [L]
    # the ^/? is to eliminate the possibility of a leading /
    The DirectoryIndex will be as selected within your .htaccess.

    WHOOPS! Anyone with access to the primary domain WILL have access to the subdirectories (useful in sharing a Security Certificate with the client domains) but noone should know about the directory name so long as you don't provide that link (except for the shared https links).

    Interesting concept: ErrorDocument for the secondary domains AND checking for access via the primary domain (which can be excluded for https).

    Find subdirectories? Option -Indexes can eliminate the directory listing "problem."

    Thanks for posting here with an EXCELLENT question (with a few unexpected features) so everyone can learn!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,833
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by dklynn View Post
    WHOOPS! Anyone with access to the primary domain WILL have access to the subdirectories (useful in sharing a Security Certificate with the client domains) but noone should know about the directory name so long as you don't provide that link (except for the shared https links).
    OK. Yeah, I thought that if no one new what the name of the sub folder with domain2 website in it is they wouldn't be able to find it. But I kind of was hoping for a little additional protection.

    I participate in a forum related to my local community. They've been having problems with their free host so I figured I'd offer to host the forum on my hosting plan. I definitely don't want any chance of them finding out about my other website(s), so that's why I was wondering if HTTP_HOST could be checked via htaccess in /domain2 and if HTTP_HOST was domain1.com, redirect them to the error page.

    Thanks for your help. You are a great resource to the Sitepoint community.

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cd,

    Thanks!

    Okay, I hope that the first post made believers of everyone that secondary domains should be pointed at a subdirectory, not the primary directory (often, sharing the DocumentRoot is optimum but not this time).

    Prevent access to a subdirectory: Use mod_rewrite code in the PRIMARY domain's DocumentRoot to prevent access to that directory (you may have to add an exclusion if you need to share a secure server certificate).
    Code:
    # for an exclusion:
    RewriteCond {SERVER_PORT} 443
    # Fail to provide anything
    RewriteRule ^/?secondary_dir/ - [F]
    # OR provide something else (NOT both!)
    RewriteRule ^/?secondary_dir/ error_page.php [R=301,L]
    Hiding primary domain from a secondary domain: No problem. Using http://www.secondary_domain, there is NO primary domain information available ... PERIOD!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Wizard
    Join Date
    Oct 2005
    Posts
    1,833
    Mentioned
    5 Post(s)
    Tagged
    1 Thread(s)
    Hey dklynn, if I want to internal redirect another aliased domain to a sub folder (subdirectory), do I just add the same code again but with the new HTTP_HOST and directory? Like this:

    Code:
    RewriteEngine on
    RewriteCond %{HTTP_HOST}  ^(www\.)?domain2.com$ [NC]
    RewriteCond %{REQUEST_URI} !^/dir2/
    RewriteRule ^/?(.*)$  /dir2/$1 [L]
    
    # Would I add the below to my htaccess file to add a third domain to 
    #my hosting account?  Or am I doing it wrong?
    Rewrite RewriteCond %{HTTP_HOST}  ^(www\.)?domain3.com$ [NC]
    RewriteCond %{REQUEST_URI} !^/dir3/
    RewriteRule ^/?(.*)$  /dir3/$1 [L]
    
    #I'd now hopefully have 3 domain names hosted on my one hosting account.
    Testing this htaccess stuff isn't possible on my home development server. So I want to make sure I've got it right before I upload it to the web server.

    I don't need $2 after the RewriteRule for domain3.com, do I? I think that's a wildcard that is...well, I'm not sure what it's supposed to do.

    Thanks!

    By the way, thanks for your help. I got my second website running on my hosting account. This is a fun little hobby. With Yahoo's cheap domain names, I can put up a bunch of hobby sites and see what sticks. Oh, if I make any money off the website I just put up, I'll remember you!

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    cd,

    Your code looks okay to me (for the shared DocumentRoot solution which is NOT optimal for your situation). Ditto the domain3 as the Apache variable count is determined for that mod_rewrite (block) statement, i.e., $1 is correct as written.

    With the power of regex, you can write a single block statement for any number of subdomains (provided the domain name and directory name are the same, you can redirect to the %2 subdirectory - (www\.) would be the value of %1 - but you'd also need to add an exclusion for the primary domain).

    Actually, you can test FULLY (except the domain name extension) on your test server. Just create VirtualHost entries for each domain with the DocumentRoot the same relative to your primary domain - just don't forget to update your hosts file, too.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •