I have a web project and i have created an external photo library for my project.The photo library is outside the web root directory e.g My Codeigniter project is in C:\wamp\www\myprject\application\ but my photo library is under C:\wamp\www\myprject\Lib\
My .htaccess file (under my application folder ) successfully displays the library using the commands below:
.htaccess file
RewriteEngine on
RewriteCond $1 !^(index\.php|images|Lib|css|js|robots\.txt)
RewriteRule ^(.*)$ /index.php?$1 [L]
But the problem is this .htaccess file is also displaying my error_log file along with all the images in the library directory.
What changes i will need to make in this .htacess file to hide it?I just want to display (.jpg,gif,.bmp,.jpeg) files.Please help.Thanks
Do workarounds with 'FilesMatch' tag.
Add this after your RewriteCond and RewriteRule:
<FilesMatch "Lib\.(htaccess|htpasswd|ini|log|error_log|error|sh|inc|bak)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Note: please add your error log file's extenstion in between the pipe ' | ' symbols. Also please remove extensions that you don't want.
More info: How to hide certain file type using apache .htaccess?
I'm not an .htaccess guru, but you should be able to change it to:
## NOT TESTED ##
RewriteEngine on
RewriteCond $1 !^(index\.php|images|Lib\/*\.jpg|Lib\/*\.gif|Lib\/*\.bmp|Lib\/*\.jpeg|css|js|robots\.txt)
RewriteRule ^(.*)$ /index.php?$1 [L]
Lib\/*\.jpg is a regex for any jpg file under the Lib directory
Related
I am working on redesigning a website that is currently a PHP website. The new site will be all HTML. I am trying to keep all of the slugs the same. Should I set up redirects?
Currently, the website pages have the .PHP extension in the browser.
Example: https://www.dehartsystems.com/residential.php
The new page will be HTML and the URL will have no file extension.
Example: https://www.dehartsystems.com/residential
Do I need to set up redirects as the file extension will be changing?
To answer your question, yes you do need to set up redirects. Typically this is done in the .htaccess file in the root of your html folder on your server.
In this .htaccess file you put:
# Check rewriting is possible.
<IfModule mod_rewrite.c>
# Turn on Rewrite engine
RewriteEngine on
# check if file does not exist.
RewriteCond %{REQUEST_FILENAME} !-f
# check if folder does not exist.
RewriteCond %{REQUEST_FILENAME} !-d
# rewrite the given URL.
RewriteRule ^(.*).php$ $1.html [R=301,L]
</IfModule>
This will redirect any call to any .php file that does not exist to the HTML file with the same file name, in the same folder location.
Reference:
https://htaccessbook.com/add-remove-change-file-extensions-htaccess/
See also How to change the PHP file extension using .htaccess file on GoDaddy Linux Hosting?
Yes, you will need to rename every file to .HTML if you don't do so the browser won't recognize the file as code. " https://www.dehartsystems.com/residential.html " only then your website will work., i.e you should rename residential.php to residential.html
How am I able to hide a .php extension in an URL address, so that this address:
http://www.thesite.com/somefile.php
would look like:
http://www.thesite.com/somefile
without the use of the .htaccess file. The reason for that being because I have many directories and would want to hide the extension on all those files in every directory. I have tried to set expose_php to off, and this still fails with error 404.
I am using PHP 5.3.10 and Apache server.
Although you specifically said no, using the .htaccess file would remove the .php extension from all PHP files in all subdirectories in a site. I think that is what you are going for.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
</IfModule>
Putting that into the .htaccess file will remove all the .php file extensions. Or you could put it directly into the webserver's configuration files.
You can achieve this with URL rewriting. If you don't want to use .htaccess, you can write the rule in your host configuration file.
Is it bad to use:
ForceType application/x-httpd-php
and to save files without a file extention (e.g. index instead of index.php)? The intention is to hide/remove .php from the URL and to stop users from manually putting e.g. /example.php.
To remove the file extension, add this to the .htaccess :
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
change .php to the proper file extension
new link :
link text
Edit :
Save your files as index.php, about.php, and so on
Yes. Yes it is bad.
The right way to do that is by using mod_rewrite and .htaccess files.
Its not good practice to change extension as it will need configuration for web server each time and so its a portability issue.
You should use .htaccess directives to setup any level of customization.
And in best practice you can route all requests to index.php to avoid direct access of php files.
I'm having a problem with .htaccess file rewrite rules. I want to have one .htaccess file in my root directory and to have rule over there to stop people to be able to access files directly over browser. So, for example I have folder blah/includes/file.php and .htaccess file is in blah/ folder, I want to prevent people to be able to just type in browser blah/includes/file.php and get that file, but also I want my functions in app to be able to use those files. I understand that is almost impossible for them to know exact name of my include files but I would like to be sure.
Thanks in advance.
here is my code which is not responding:
<IfModule mod_rewrite.c>
## Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On
RewriteBase /
## Test for access to includes directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/ .*$ [NC]
## Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
## Forbid Access
RewriteRule .* - [F,NS,L]
</IfModule>
Note: I'm testing in localhost if that is maybe important.
Problem is in the first RewriteCond you have a space after /includes/, which throws an error.
BUT: I wouldn't use %{THE_REQUEST}, as it contains the HTTP Request (see http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritecond). Use %{REQUEST_URI} instead.
So, if you want to forbid access to /<folder>/include/*.php, you can use just this code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/[^/]+/includes/.*\.php$ [NC]
RewriteRule .* - [F,NS,L]
</IfModule>
Assuming your .htaccess lies in the blah/ folder.
The quickest way would be just to put a one-line .htaccess file in your includes directory:
deny from all
The other alternative is to place your includes folder outside of your web-accessible directory.
/home/
/username/
/includes/
/public_html/
/index.php
If you still want to use a RewriteRule, then this is the one you’d use:
RewriteRule ^includes/ - [F,L,NC]
Which would return a 401 Forbidden response trying to access a URI that begin with includes.
How am I able to hide a .php extension in an URL address, so that this address:
http://www.thesite.com/somefile.php
would look like:
http://www.thesite.com/somefile
without the use of the .htaccess file. The reason for that being because I have many directories and would want to hide the extension on all those files in every directory. I have tried to set expose_php to off, and this still fails with error 404.
I am using PHP 5.3.10 and Apache server.
Although you specifically said no, using the .htaccess file would remove the .php extension from all PHP files in all subdirectories in a site. I think that is what you are going for.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
</IfModule>
Putting that into the .htaccess file will remove all the .php file extensions. Or you could put it directly into the webserver's configuration files.
You can achieve this with URL rewriting. If you don't want to use .htaccess, you can write the rule in your host configuration file.