Addon domain(s) – block access via subfolder(s) and subdomain(s)

Home Forums BulletProof Security Free Addon domain(s) – block access via subfolder(s) and subdomain(s)

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #31390
    Alex
    Participant

    I hope you can help – this forum is so useful 🙂

    I have two websites, each with BPS installed and working. Mainsite.com is installed in the root folder and Addon.com is in a subfolder (/addon.com/).

    I have followed the advice at http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/ and put the blocking code in Mainsite.com’s .htaccess Custom Code, to stop that .htaccess affecting Addon.com

    I’m now trying to work out where (and exactly what) to put in Mainsite.com’s .htaccess to prevent Addon.com being reachable via either:
    addon.mainsite.com or mainsite.com/addon.com

    I’ve tried adding the following code to CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here 

    # prevent Addon domains from being reached via subfolders of main domain
    RewriteCond %{HTTP_HOST} ^(www.)?mainsite.com$ [NC]
    RewriteCond %{REQUEST_URI} ^/addon.com/(.*)$
    RewriteRule ^(.*)$ - [L,R=404]
    
    # prevent Addon domains being reached via subdomains of main domain
    RewriteCond %{HTTP_HOST} ^addon.mainsite.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www.addon.mainsite.com$ [OR]
    RewriteCond %{HTTP_HOST} ^addon.com$
    RewriteCond %{REQUEST_URI} ^/$
    RewriteRule ^(.*)$ http://www.addon.com/ [R=301,L]

    But this doesn’t seem to work. So I’m not sure if it is the code or the position or I should be asking my hosts or something else?

    #31391
    AITpro Admin
    Keymaster

    This forum topic explains how to add RewriteRule bypass htacces code:  http://forum.ait-pro.com/forums/topic/htaccess-files-for-multiple-website-domains/  htaccess files are processed starting from the top of the htaccess file to the bottom of the htaccess file.  So what would happen in the example code below is that if the URI|URL is exampleA.com then any Requests will be sent directly to that site and not continue to process any more code in the Root htaccess file. It is basically a bypass and not a block.

    # WP REWRITE LOOP START
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # Do not apply rules to other child websites &
    # do not log errors for these child sites
    RewriteRule ^exampleA.com/ - [L]

    I don’t understand what this means below or what you are trying to do?  Please explain what you are trying to achieve and why you want to do that.

    I’m now trying to work out where (and exactly what) to put in Mainsite.com’s .htaccess to prevent Addon.com being reachable via either: addon.mainsite.com or mainsite.com/addon.com

    #31394
    Alex
    Participant

    Thanks -that is the code I used for the bypass rule 🙂

    I don’t understand what this means below or what you are trying to do?  Please explain what you are trying to achieve and why you want to do that.

    I’m now trying to work out where (and exactly what) to put in Mainsite.com’s .htaccess to prevent Addon.com being reachable via either: addon.mainsite.com or mainsite.com/addon.com

    Okay – I will try to break it down:

    Mainsite.com is the primary website, located in the root folder /public_html/
    Addon.com is an add-on website, located in /public_html/addon.com/ (of the Mainsite.com installation).

    Both website work fine but have nothing to do with eachother – they are two different companies. Browsing to each URL brings up the individual websites as it should.

    However, browsing to addon.mainsite.com or mainsite.com/addon.com will reveal Addon.com (but the URL will not change to Addon.com). What I need to happen (and I believe this is normal for an addon website setup) is for browsing to either of those specific links to cause a 404 error, or a 301 permanent redirect.

    The effect of this is that the site will not be indexed (by search engines) in the wrong location (thereby appearing to be a duplicated site).

    I hope that makes sense now, and I appreciate you taking the time to look into this!

    #31398
    AITpro Admin
    Keymaster

    Ok something is not setup/configured correctly in your web host control panel DNS settings since this should not be happening:  “However, browsing to addon.mainsite.com or mainsite.com/addon.com will reveal Addon.com (but the URL will not change to Addon.com). What I need to happen (and I believe this is normal for an addon website setup) is for browsing to either of those specific links to cause a 404 error, or a 301 permanent redirect.”

    When you create a subdomain site you need to create an A Record or CNAME Record for the subdomain site in your web host control panel DNS settings.  Check your web host help pages for how to create a subdomain website.  If you cannot find any help information on how to create a subdomain site on your web host help pages then contact your web host support folks for the steps to add a subdomain site/create DNS A or CNAME Records.

    Example:  This forum site is a subdomain website and has an A Record created in our web host control panel DNS manager tool.

    #31407
    Alex
    Participant

    Thanks – I hadn’t considered that the hosts (Siteground) who I paid to transfer the site might not have done everything needed. I even asked them and they said it was all set up correctly.

    The options are there in the cPanel under ‘Subdomains’ and ‘Addon Domains’. Filling in the redirects there inserts the correct code at the end of the .htaccess:

    RewriteCond %{HTTP_HOST} ^addon\.mainsite\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.addon\.mainsite\.com$
    RewriteRule ^/?$ "http\:\/\/www\.addon\.com" [R=301,L]

    So I’ve added that to the bottom of the BPS custom code box marked
    CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.