Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Before proceeding with these instructions, note that you almost never need these rewrites. Neither for Apache aliases nor for all the usual kinds of applications running in subdirectories.
When Drupal appears to take over your subdirectories, it actually takes over the pages where Apache would respond with a "Page not found" error anyway.
Scroll down and read "Restore support for other Directory Index Files (index.htm)" and you may find that your problem was very simple.
Ignoring Subfolders that exist in the DocumentRoot
With clean URL's enabled, when running other software applications in subfolders (subdirectories) of a Drupal root installation. your .htaccess file may rewrite those URL's to Drupal. This may be a particular problem for those with a Drupal installation in the root of their domain using Cpanel and Fantastico where Fantastico installs other software into subfolders. For example, phpSurveyor's admin interface as installed by Fantastico will not work with Drupal's default .htaccess settings. The URL for the admin interface is inaccessible and will return a "page not found" page in your Drupal site.
The trick is to modify .htaccess to ignore specific files/folders. So for example, if you have two folders, <folder1> and <folder2> in the root of your Drupal installation, modify your .htaccess file by inserting the following code directly after the "RewriteEngine on" directive, before the Drupal rewrites:
=========[ start of .htaccess snippet]==========
<IfModule mod_rewrite.c>
RewriteEngine on
#
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/folder1/" [OR]
RewriteCond %{REQUEST_URI} "/folder2/"
RewriteRule (.*) $1 [L]
#
====================[ end ]=====================For each folder you want to bypass, add a RewriteCond line, and end all but the final RewriteCond with [OR]. Note that the [L] in the rewrite rule tells it to stop there and bypass the rest of the rewrite rules.
Ignoring subfolders that are included via Apache Alias directives
As of 4.7, files and directories should be automatically allowed through in drupal's .htaccess setup. Thats what the !-f and !-d lines do.
However if you are working with Apache Alias or similar directives the file doesn't actually exist so drupal will take over like it should. The best way around it is to just add one more conditional that matches your location and make it skip it too. Thats what the ! means. Please see below:
RewriteCond %{REQUEST_URI} !^/yourDirectoryName
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
It essentially means Apply this rule if the REQUEST_URI doesn't start with /yourDirectoryName and the REQUEST_FILENAME isn't a real file or a real folder. Which is exactly what you want. There is an implied "AND" between the lines of that rule. The ! says "not like this".
Restore support for other Directory Index Files (index.htm)
Drupals .htaccess file also includes a line (DirectoryIndex) that gives instructions "If asked for a directory path, return the index.php file found in that directory". This replaces the normal webserver behaviour that usually says "return the index.htm file found there".
The good news, it that it's easy to say both. And that's what we need to do to allow other folders of HTML content to co-exist with Drupal and server them as expected.
Method 1 - Allow index.html anywhere
Edit Drupals .htaccess file and change the DirectoryIndex line to read:
DirectoryIndex index.php index.html index.htm
Now index.htm and .html files may be served if no index.php is found. You can add other filenames as needed.
Method 2 - Allow html (and folder listings) in the subdirectory
You may also avoid changing Drupals .htaccess, and just set the preferences for the relevant subfolder. This is a little more specific, accurate, and maybe secure.
Create a new .htaccess file in the target folder, eg folder1/.htaccess
Add the lines
DirectoryIndex index.php index.html index.htm
Options +Indexes
Now index.htm and .html files may be served from there.
Additionally, the default Apache 'raw folder listing' behaviour has been restored, so you can see where you are even if there is no index file in the folder. This is optional, but may be useful to you. It is advised you do not allow folder listings at the Drupal level.
There's a heap more possible, but it's all in the Apache Docs so go there for more info and examples.
You may also want to adjust the 404 behaviour for that subfolder too.
Comments
Problem when page requires authentication
You will notice that the default .htaccess will not work if your page requires authentication (ie: it contains another .htaccess that requests username and passowrd to the user).
In order to get it working you should prepare a file called
401.shtml
and put it into your root directory
/home/mysite/www/
See also this node, great help
http://drupal.org/node/52465#comment-106353
Apache basic authentication in subdirectories
After a massive headache and trying all sorts of htaccess rewrites in different places - the solution is rather simple:
Add this line to the beginning of the .htaccess file in your subdirectory you are trying to protect:
ErrorDocument 401 "Unauthorized"
From here: http://drupal.org/node/64708
Bingo!
Ah! That worked for me. I tried a bunch of different .htaccess rules. Finally got one working and then it made my Administration Menu disappear. This was the fix I used.
So I added to the main .htaccess file:
RewriteCond %{REQUEST_URI} !^/myDirectoryNameAnd then added
ErrorDocument 401 "Unauthorized"to the .htaccess in the subdirectory that was password protected.
Thanks!
DirectoryIndex index.php index.html
I had (or at least I thought I had) the same problem trying to access my Webalizer subfolder, as I got nothing but 403 Forbidden responses ("You don't have permission to access /webalizer/ on this server.") after I had authenticated myself. The way my hosting company has configured their server, the
webalizerdirectory is owned byrootand I can't modify its.htaccessfile or other contents, only read it.After some failed attempts using the RewriteEngine to bypass Drupal, I realized that Drupal wasn't really at fault, but that I was in effect asking for a directory listing in spite of
Options -Indexesin the.htaccessfile (put there by Drupal, of course). Webalizer usesindex.htmlfor its main statistics page, and when I explicitely added that filename to my URL, the problem disappeared.Eventually, I added
index.htmlto theDirectoryIndexdirective, where Drupal only requiresindex.phpto work. I believe that won't impact security as much as enablingIndexingacross the website would.For users who have Drupal 6.x installed in the root directory
I have Drupal 6.10 and searched all the forums, but could not find a simple solution that worked. Below is a simple solution that works.
For users who have Drupal 6.x installed in the root directory of the domain, do the following:
The ONLY thing you need to do to gain http access to a sub-directory in your domain if Drupal 6.x is installed in the domain’s root is to create and add an .htaccess file containing the following single line of code to the sub-directory.
.htaccess file
-------------
My particular situation:
Drupal 6.10 installed in the root of mydomain.com.
Clean URLs enabled and using the third party pathauto module.
Needed to allow customer access to:
mydomain.com/customers/customer-001
mydomain.com/customers/customer-002
mydomain.com/customers/customer-003
mydomain.com/customers/customer-004
mydomain.com/customers/customer-xxx (ect...)
where each of the individual mydomain.com/customers/customer-xxx sub-directories are username / password protected.
Note, these mydomain.com/customers/customer-xxx password protected sub-directories already existed before the Drupal installation, so I did not have to do anything to them.
I needed to allow customer access to the mydomain.com/customers/customer-xxx sub-directories, so I created and added the above mentioned .htaccess file to only the mydomain.com/customers/ sub-directory.
That's it. It all worked from then on.
Optional Change
If you also want to have access to an index.html file located in the root directory along side with the Drupal's index.php file, then modify the root directory's .htaccess file as follows:
Add the index.html file name to the DirectoryIndex line.
Before Modification of the .htaccess file
After Modification of the .htaccess file
Sam
Godaddy users who have Drupal 6.x in the root directory
I have a virtual domain using godaddy and when I put the .htaccess, I get 404 pages everywhere on my site. I just put the following lines in my .htaccess at the root of my drupal installation. Now, clean url is working perfectly and I do not have Unauthorized access 404 pages on my site.
Just add a .htaccess file at the root of your drupal installation that includes these lines:
# Various rewrite rules.
RewriteEngine on
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# adapt and uncomment the following:
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment and adapt the following:
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
# RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
RewriteBase /
# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
# $Id: .htaccess,v 1.98 2008/11/28 09:39:13 dries Exp $
403 Forbidden - Access to this resource on the server is denied!
My configuration is Drupal 6.20 with Pathauto in the root directory on a Litespeed server - I'm told it's 100% Apache compatible. I want to use one subdirectory off the root as a file repository. Security is no issue for these files - They're images used in a Newsletter.
http://for.bar/images
When I try to access that subdirectory, I get a 403 Forbidden error. I've tried the solution listed above:
And I've tried:
ErrorDocument 401 "Unauthorized"in the /images subdirectory. Neither work. And a DirectoryIndex probably won't work because I have no index.* file in that subdirectory. Any thoughts?
That is expected
That is expected behavior.
Attempting to read a directory where directory listing has been disabled (it was disabled in the higher .htaccess) is indeed forbidden.
But did you try accessing the path to your image files directly? they should have got through.
If you look at Method 2 in this page, you should see to add
Options +Indexesif you wand to restore directory indexing behavior..dan. is the New Zealand Drupal Developer working on Government Web Standards
Nothing has worked
I have looked everywhere for a solution to this problem but nothing has worked. I have tried all the above suggestions and several more on other threads. Yet, I am still unable to access any of my sub directories. I have mediawiki installed in a sub directory but I am unable to access it. I am wondering if it is something to do with Drupal 6? Most of what I have seen is for 4 or 5. The major solution I see for Drupal 6 is to include ErrorDocument 401 "Unauthorized" in the .htaccess of all the sub directories you want to be able to access but that doesn't help at all either. However, I have an HTML website in another directory which will come up if I type index.html specifically but not if I just enter the directory like usual. But this is not the case with mediawiki as I can try to type http://example.com/wiki/index.php but it still doesn't work.
Is anybody else still not able to solve this problem or does anybody have any other likely solutions?
Thanks.
RE: Nothing has worked
I cannot be sure that this is the problem, but it may be due to a conflict with using the index.php file name since Drupal uses the same index.php file name.
The following may work, but may not be the optimal solution.
You could try to create an index.html relocation page as shown in the example below that will point to the http://example.com/wiki/index.php page.
index.html HTML Relocation Page
You can also name this file to index.htm and then add the file name to the domain's root .htaccess file.
Sam
Finally Found a Clear Solution!
http://www.thesitewizard.com/apache/access-non-drupal-folders.shtml
Yay! This was a very clear article and it worked for me. A few notes:
* You need to have 2 .htaccess files. The one Drupal uses in the root (or your Drupal root) directory needs to have the 401 error code. The second .htaccess file goes into your chosen root folder and lists Directory terms, NOT the 401 error code.
* It works and saved me some serious Pagerank mojo :)
Create subfolder in cPanels
I gained access to the files in a subfolder by creating the folder via cPanel's file manager, instead of in the FTP client. My .htaccess settings were fine from the start.
More here:
http://drupal.org/node/649720
ONLY show modules/themes/libraries/plugins file contents
I have a test install and like that others can see all my modules, themes, libraries and plugins, more specific ONLY can see them, not calling them.
.htaccess:
But doesn't show drupal files like .info, .module, .install, .tpl.php
How? =>
OK!
Then I want that people be able to see all files, but have control which are executed. So html files could be executed, but php files should visitors be able to read instead!
http://www.askapache.com/htaccess/security-with-htaccess.html#deny-htacc...
=> see the three following samples there; they only don't work at my server or within Drupal to have visitors look into my /all dir and subdirs, seeing all files contents but not executing them; why not?
Same for the first similar examples here:
http://www.askapache.com/htaccess/securing-subdirectories-with-htaccess....
BUT the last one works perfect! I get to see my php files contents, without them being executed:
NO; .php and tpl.php files contents are now displayed, while .swf still is executed...
WARNING: Know what you're doing and at your own risk! Inside the .../sites/all/ dir where I made that .htaccess file and works for the sub-dirs, normally are no passwords etc. stored, but exemptions can exist for connecting widgets or so; who knows for sure...
For sure don't put this into your .../sites/ dir, as there also is your .../sites/default/ with your drupal database password and settings.
Then letting others know the specifics of your install, gives them more insight for planning an attack on your site. But in my case, others must be able to have insight into this project details.
A last point is password protection these dirs, so only trusted colleagues and volunteers can see the full projects contents. I failed in doing so; this resulted in that blocks disappeared in my drupal install. Any idea how to do correctly?
Sometimes a nice feature is to be able to execute php and swf to see what its doing and sometimes it are examples that work in that way and are there to see them work. It must be possible in .htaccess to give two options; or being able to execute files, or being able to see the contents. Of-course then former problem with passowrd protection needs to be resolved first.
Please feedback for making this better; discussion forum-topic http://drupal.org/node/928066, while for complete solution here of-course!
This is most helpful. Thanks.
This is most helpful. Thanks.
-----------------------------
Subir Ghosh
www.subirghosh.in
Getting forbidden error for subfolder on drupal 7
Hello,
I am using ubuntu and drupal 7.
I have folder structure as /var/www/mysite.
As i have set vi as prefix for the language as default on my site i used multilingual module and used the url detection method for prefix. Now my homepage appears as localhost/mysite/vi (previously it was localhost/mysite).
I have created a flashpub folder from where my flash files get loaded on the home page using the controller. When Vi was set as prefix, the flashpub was checking the localhost/mysite/vi path for loading the flash. So I have created a folder now /var/www/mysite/vi with full permissions and uploaded flash there. I had specified the path for loading this flash by using tpl files respective for the flash files and links.
Here comes the major problem: Now i can see the flash which appears in the url localhost/mysite/vi/flash2, but my home page flash which has to appear on localhost/mysite/vi doesn't load and I get error as below:
"Forbidden
You don't have permission to access /mysite/vi/ on this server.
Apache/2.2.17 (Ubuntu) Server at localhost Port 80"
I have checked the .htaccess for the RewriteEngine on option. all things are proper but my front page is not loading. If i remove the vi folder from /var/www/mysite/vi path then again i am able to see my home page but with the path localhost/mysite/vi.
Please suggest what can be done if i am using the language prefix for multilingual site.
Thank you,
Sucheta.
This is not an htaccess thing
This is not an htaccess thing specifically.
It's about using URLs and relative links properly in Flash. The answer is Don't use URLs or relative links in Flash - use parameters instead.
Big discussion of the issues, the miscomprehensions, and a large collection of possible work-arounds. http://drupal.org/node/101918#comment-1042970
When you created the subfolder, it makes the system think it should be indexed - and that is prohibited. Basically, don't do that. Find a better way to communicate with your flash and explicitly TELL it where to load its extra resources from, don't assume that the other things are in the same 'folder'
.dan. is the New Zealand Drupal Developer working on Government Web Standards
I have a problem with rewrite
I have a problem with rewrite rule in httpd.conf (IBM HTTP Server) from some URL to static file in %DOCUMENT_ROOT%/* (*/IBM/HTTPServer/htdocs/*)
I triyed many recomendations in internet, but have not had any positive results
I want to configure next:
if user go to url https:////FILEName.html the rule have to transfer to static file FILEName.html in directory */IBM/HTTPServer/htdocs/*
It could be also txt, pdf, word files instead of html.
Could you please help me with this task?
I will be very apreciate.
Thanks in advance
I can't answer this.
I can't answer this.
This would be up to the documentation for your webserver configuration.
I know easy answers exist in Apache, and probably any other webserver, but at this level, it's not a Drupal question.
Though you may look at redirect.module if your webserver is Drupal-managed
.dan. is the New Zealand Drupal Developer working on Government Web Standards
Some Clarification Needed.
The article indicates that the directives should be placed "... directly after the "RewriteEngine on" directive, before the Drupal rewrites", but then it states "the [L] in the rewrite rule tells it to stop there and bypass the rest of the rewrite rules."
So if we put the directive at the beginning of the htaccess file, the [L] will bypass the rest of the Drupal rules.
Am I missing something here?
rewrites work for an hour and then stop
I sure need help to be able to use xenforo and drupal 9 on the same domain. Drupal is in the root and I've moved xenforo in a subdirectory called /community .
I have both working but the rewrite rules to /community keep going 404 after a few hours. If I remove and re-save my rewrite rules they will work for a few hours again. I don't understand how to fix this. Can someone please help?
Solution
This cron works but not sure its the best solution. A devolper did this for me so not sure I am sharing the info the best way but thought it may help others who are having the same issue I had.
Create a cron in cpanel
wget --spider -O - https://yourdomian.com/drupal-xanforo.php >/dev/null 2>&1
*****
create a .php file for cron to call and put it into the root
<?PHP
$htaccess = file_get_contents('.htaccess');
file_put_contents('.htaccess', '');
file_put_contents('.htaccess', $htaccess);
?>