By mistake, I did not add the suffix .php when I wrote a URL into the browser during a check on my website. The browser ignored it and simply returned the page as if I had added the .php suffix, anyway! Is this normal? Do all modern browsers see a URL like www.website.com/thispage and simply go to thispage.php or thispage.html, if they exist?
Requests go to the server.
Any basic URL in the address bar of a browser make an HTTP request to the server defined by the domain (or hostname). So, http://www.something.com/here/there.x sends a whole bunch of info (in the "HEADER" of the request) to the IP registered for the www subdomain of something.com. That server gets the request, which in the header includes information about your browser, IP, type of request, the full address requested, any submitted data from a form, etc.
Your server's http engine decides what to do with it
Apache, nginx, iis, are different types of HTTP servers who's whole purpose are to listen for such requests, and decide what to do about them.
Typically, this includes setting some degree of defaults, for instance:
match the domain to a directory
something.com: /var/www/site1
strange.com: /var/www/site2
default: /var/default
match the path (everything after the '/' following the domain) to a file
check for a matching .html file
check for a matching .php file
Check permissions and authentication
Execute the file according to config
send the php file to a php process, and reroute the output
simple grab and dump the contents of images, txt, and html files.
Send a response according to what was just executed.
This is DRASTICALLY simplified, and there are many many layers and specifics, but I'm trying to keep this as simple as the question.
You tell apache (or whatever) what to do.
Apache can be configured to return a styleized google search for cats, any time anyone requests `http://blah.something.com/[anything]/*.good. It can be configured to do just about anything you want it to, based on the url you send it. The browser only decides what is sent.
It is completely up to the web server, and it's configuration, as to how a URL is handled. Web servers like Apache, NGinx, Cherokee, Litespeed, etc all have different mechanisms for what happens when a URL request hits it, and then what it decides to do afterwards.
For instance, you could have your web server attempt to add .php and .htm and .html suffixes to the requested url, in order to try to be helpful. Or simply serve up the 404 page, or send the request to the home page - eg index.php.
Related
I have below directory structure in my website,
/public_html
/public_html/admin/
/public_html/admin/js/
/public_html/admin/css/ ....
Basically I want to disallow all direct access to files inside sub folders of /admin, like not allow to access js inside /js/ folder directly but allow it to access from my php page
I added .htaccess file with below code inside /js/ folder,
Order deny,allow
Deny from all
so it is good that it won't allow me to access via browser directly !
BUT when I try to access index.php page in which files of /js/ folder are included using tag, it is not loading up.
So can anyone help me out !
Thanks in advance.
You are not accessing it "from your PHP page". The web server is either serving a request or it isn't. When you load your "PHP page" in a browser, the browser will then go out and request all the Javascript, CSS and image assets linked to from your page. Each of these will be a separate HTTP request to the web server. The web server has no context that this HTTP request is because the asset is linked to from "your PHP page", that's completely irrelevant to it. You can either get the file from the server using an HTTP request, or you can't. And by setting Deny from all, you can't.
You'd have to funnel all requests through a PHP file which checks the login information and only serves the file if the user is properly logged in. E.g. link to scripts.php?file=js/myscript.js and have authentication checking code in scripts.php.
When you restrict a folder like this, you can not include the files that are in it inside your HTML page. It is basically the same request as if the person is accessign directly to the JS by URL.
Usually cpanel tools like
Hotlink Protection
Hotlink protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don't specify below (i.e., HTML files). An example of hotlinking would be using an <img> tag to display an image from your site somewhere else on the Web. The end result is that the other site is stealing your bandwidth.
Index Manager
The Index Manager allows you to customize the way a directory will be viewed on the web. You can select between a default style, no indexes, or two types of indexing. If you do not wish for people to be able to see the files in your directory, choose "No Indexing".
1&2 are tools from usual hosting cpanel. Probably it writes over apache conf files(not sure which ones)
However, you should also be aware of HTTP referer. You could based on this decide when not to show your respurce.
`HTTP referer is an HTTP header field that identifies the address of the webpage (i.e. the URI or IRI) that linked to the resource being requested`
I'm looking for a way to get a page address exactly how it is displayed in the address bar of the browser.
My site is basically a PHP script and my goal is to determine if the users use http://mysite.com or http://www.mysite.com or just mysite.com or www.mysite.com to access the site. I hope to use this information to redirect the link so it would be in a single format. This is required for some third party tools I'm using.
so what I'm askin is if it's possible to get the url of a site, in PHP exactly how the browser is requesting it.
You can tell the difference between www.mysite.com and mysite.com by looking at $_SERVER['HTTP_HOST'], however the browser will always automatically add http:// to a URL (and some browsers hide it from the users as unnecessary information) so there's no way to know what they actually typed in.
The first two lines of an HTTP request look like:
GET /index.php
Host: www.mysite.com
The first line specifies the local resource (usually a file in your web directory), and the second specifies what hostname the user entered to find your site (this is especially useful for servers running multiple virtual web hosts). PHP allows you to extract both of these:
$_SERVER['HTTP_HOST']
$_SERVER['PHP_SELF']
Technically, $_SERVER['PHP_SELF'] specifies the filepath of the current PHP script relative to the root directory of this web host, but that should, in practice, be the same as the resource listed on the first line of the HTTP request.
As the other responses have mentioned, there's no way to tell whether the user typed http:// or not.
You cannot determine whether or not the user typed http:// or left it off directly from PHP. PHP will only be able to tell the final domain name ($_SERVER['HTTP_HOST']). The other functionality is handled in the browser.
I have a php website. There is a domain example http://www.mydomain.com/clubs.php I want to mast it to http://www.mydomain.com/groups.php and the rest of the address will remain the same. Is it possible.
Please guide me how to achive it..
You could create a new file named groups.php and include in it clubs.php.
Or you could use mod_rewrite via .htaccess file.
For including file use:
<?php include_once 'clubs.php'; ?>
For rewriting use and add it after line RewriteEngine On:
RewriteRule ^groups.php$ clubs.php [L]
Hope I've understood what you're talking about with mask.
If I understood you correctly, then you need to use apache directive URLRewrite (mod_rewrite). Google it. It's complex to explain here, but basicaly there are few lines to add in .htaccess file and your webserver must support it. Some do not supoprt for securty reasons. If the server is administered by you then you can easily modify this in VirtualHost directive of yout httpd.conf file.
maxim
Use the Apache mod_rewrite module, see below :
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/
http://docforge.com/wiki/Clean_URL
You cannot "mask" a domain or URL. A link points to a certain URL. That URL is necessary for the browser to find the server it's supposed to send the request to and to make the request. The browser will send the request to that URL and it will display the URL it sent the request to in the address bar. You cannot make it send a request to one URL but have it display a different URL.
You can make your webserver react to that URL/request any way you want. Just because the request said "clubs.php" doesn't mean the webserver will execute a file called "clubs.php" or that it has to execute some PHP file at all. That can be customized in the webserver itself, typically through URL rewriting in Apache. That's all just internal to the webserver however, it configures how your webserver reacts to an incoming request for a certain URL; it does not "mask" the URL.
If you have links pointing to "clubs.php" but you want them to point to "groups.php" instead, you'll have to change your links. No way around it.
You could redirect all requests for "clubs.php" to "groups.php". I.e., when your webserver receives a request for "clubs.php", it responds to the client by telling it to ask for "groups.php" instead. That's a redirection. It will still make your links point to "clubs.php" though.
I want to create a web site with pure PHP. I want to hide the url parameters. I.e. I want to make my web site with clean urls. Is there is any way to do this with out using any framework? Is cURL helpful to do this?
See URL rewriting in PHP without .htaccess if you don't want to or can't use .htaccess, else refer to How to: URL rewriting in PHP?.
Just have a look on it...before you start your stuffs
http://httpd.apache.org/docs/2.0/misc/rewriteguide.html
First of all: It is not possible with PHP only (at least not the forms of URL I think of when reading clean URL). The web server needs to know how to handle requests and what requests are meant to be passed to your PHP script. Otherwise you will probably just get a 404 response.
Because the default behavior of a web server is to just take the requested URL path and try to map it to an existing file below the document root. If a corresponding file was found, either the file’s content is passed back to the client or – as in case of PHP files – the file’s content is passed to an appropriate interpreter and the returned data is passed back to the client. And if the file was not found, well, it responds with the status code 404. So at some point you need to configure your web server.
But after that, when the request was passed to your PHP script, you sure can use just PHP to establish clean URLs. And I would rather suggest to do that with PHP than with web server utilities. Because your PHP application should know best how to handle a requested URL.
In PHP, all required information are in the $_SERVER variable:
$_SERVER['REQUEST_URI'] holds the requested URL path and query (you can parse that with parse_url), and
$_SERVER['PATH_INFO'] holds the PATH_INFO if you’re using that (see Apache’s AcceptPathInfo directive).
Try to rewrite url using php and rewrite url using .HTACCESS.
For example, original url,
www.domain.com/item.php?product=Cars for sale in amazon
with php
www.domain.com/item.php?product=Cars-for-sale-in-amazon
and with .HTACCESS file
www.domain.com/Cars-for-sale-in-amazon
Nope, no curl or framework doing this. Nor php at all.
It is web server who deal with urls.
So, if you want fake urls, you have to set up your web server to redirect certain urls to certain scripts.
The most common way is to use Apache web server with mod_rewrite module
From what I have read and understand of it, there's 2 ways you can do this:
The first being mod_rerite where everything seems to re fone through rewrite rules through the .htaccess file fairly simple to do but can put big load on webserver with large sites
Use PHP to control the rerites this does use .htaccess but only to redirect everything back to the index.php where a dispatcher reroutes paths as necessary. There's a fantastic tutorial of this at phpvideotutorials.com the tutorial is called the tumblelog.
I was testing a web service in PHP and Python. The address of the web service was, let's say, http://my.domain.com/my/webservice. When I tested the web service in PHP using that URL everything worked fine. But, when I used the same location but in Python using SOAPpy I got an error.
Below is the code I used to communicate with the web service (Python):
from SOAPpy import WSDL
server = SOAPProxy('http://my.domain.com/my/webservice', namespace)
server.myFunction()
The respond I got from the server:
HTTPError: <HTTPError 301 Moved Permanently>
I figure out that if I add a trailing slash to the web service location it works!
from SOAPpy import WSDL
server = SOAPProxy('http://my.domain.com/my/webservice/', namespace)
server.myFunction()
Why the lack of the trailing slash causes the error?
They're different URLs. http://my.domain.com/my/webservice implies a file webservice in the my folder. http://my.domain.com/my/webservice/ implies the default document inside the my/webservice folder.
Many webservers will automatically correct such URLs, but it is not required for them to do so.
Because the actual server URL is:
http://my.domain.com/my/webservice/
The PHP library must be following redirects by default.
The error is a 301 redirect meaning the you are being redirected to the URL with the slash on the end by the web server.
It seems that PHP will auto follow this redirect and thus not throw the error, whereas Python won't. You will need to do the following:
Try to Connect to the initial URL
Catch any 301 redirect and possibly 302 redirects as well
If there was a redirect then try to connect to that URL instead.
The new URL should be available in the response headers.
HTH.
[Disclaimer: This is a copy of my answer from here. I know some people don't like this kind of copying, but this explains why the slash is important.]
Imagine you serve a page
http://mydomain.com/bla
that contains
Read more...
On click, the user's browser would retrieve http://mydomain.com/more.html. Had you instead served
http://mydomain.com/bla/
(with the same content), the browser would retrieve http://mydomain.com/bla/more.html. To avoid this ambiguity, the redirection appends a slash if the URL points to a directory.
What a SOAP-URL looks like is up to the server, if a slash is necessary depends on the server and the SOAP implementation.
In your case, I assume that the target server is an apache server and the SOAP URL is actually a directory that contains your SOAP handling script.
When you access http://my.domain.com/my/webservice on the server, apache decides that the directory is properly addressed as http://my.domain.com/my/webservice/ and sends a 301 redirect.
SOAP uses a http POST, its up to the client to decide if the redirect should be followed or not, I assume that it just doesn't expect one.
Other implementations of SOAP, e.g. Apache Axis in Java have URLs that look like Servlets, e.g. http://domain.com/soap/webservice without slash, in this case the URL without slash is correct, there is no directory that exists anyway.
Axis fails on redirects as well, I think.