I am trying to prevent direct access to all php files on my site except index.php using htaccess. I've got following code so far, however it still does not prevent form accessing php files directly.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php)
RewriteRule ^(.*)$ index.php?page=$1 [L]
</IfModule>
My Solution:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond $1 !^(index\.php|.*\.css|.*\.js|.*\.png|.*\.gif|.*\.jpg)
RewriteRule ^(.*)$ index.php?page=$1 [L]
</IfModule>
That's because of these lines:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
Where you are explicitly telling the rewrite module to NOT run the following rules if the requested resource is a file or directory
However, I agree it's best to move them out of the web root entirely.
Related
Good day,
I am using a framework that uses a .htaccess file to forward all requests to a sub file core/index.php
I used the following .htaccess file code :
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ core/ [L]
# If the request is not for a valid directory
RewriteCond %{REQUEST_FILENAME} !-d
# If the request is not for a valid file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*) core/$1 [L]
</IfModule>
This worked great I thought until I noticed that the pages got loaded multiple times.
And this is what I want to prevent.
So I had a little look at this forum.
And I found a solution that the space between (.*) and core could be the reason.
Hence I removed it.
And to my delight the multiple db inserts stopped.
However now I have found that my requests do not get forwarded correctly.
Only the main request (www.myapplication.com/) gets forwarded correctly (index.php)
Whenever I am adding something like : (www.myapplication.com/admin) he bugs out and cannot find the page.
I hope anyone could tell me what to modify in this code :
RewriteEngine on
RewriteRule ^$ core/ [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*) core/$1 [L]
Thanks in advance!!
I also note that whenever I change the (.) core/$1 [L] line to (.)core/$1 [L] that not only my (sub)pages stopped working but for the index.php the load times of my index.php file where split in half.
Hence my page truly gets reloaded multiple times.
Edit
As pointed out by a question below the system also uses a .htaccess file inside the /core directory.
This file has the following contents
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 index.php
</IfModule>
Edit
I think it would come handy to make a small summary. If requested for a file or path I want the server to check if it is
available on the server.
www.myapplication.com/flower.jpeg and the server can find it it should display the flower.jpeg file.
If the server CAN NOT find the flower.jpeg file I want the server to forward the request to /core/index.php?url=flower.jpeg
I am using two .htaccess files
in the **public directory** (main directory)
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ core/ [L]
# If the request is not for a valid directory
RewriteCond %{REQUEST_FILENAME} !-d
# If the request is not for a valid file
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*) core/$1 [L]
RewriteCond %{REQUEST_URI} !core/
</IfModule>
Second file in the core directory
core/
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule ^(.*)$ index.php?url=$1 [PT,L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 index.php
</IfModule>
The issue: my pages are in a loop hence the page index.php get's executed with every server request. E.G. 10 images on a page means 10
requests extra. Same for js and CSS files.
edit:
Solved!!!
This is the solution!!
DirectoryIndex core/index.php
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ core/index.php?url=$1 [QSA,L]
</IfModule>
You have to add
RewriteCond %{REQUEST_URI} !core/
to the RewriteCond block to prevent redirection from the target to the target.
It would be better if your target would be more specific, for example if you could specify /core/ instead of core/ (do you have a core subfolder in every folder?). Also, you will have to exclude image folders.
Try this in /core/.htaccess:
ErrorDocument 404 default
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^.]+)/?$ index.php?url=$1 [QSA,L]
I found a solution. The working code is :
DirectoryIndex core/index.php
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ core/index.php?url=$1 [QSA,L]
</IfModule>
I am working on a new script, I am using mod_rewrite to create permanent links. But I also want to have a login page that goes to a different main page.
ie.
http://www.example.com/dashboard
will load index.php
but
http://www.example.com/login will load login.php
currently my .htaccess looks like this
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Not sure the best way to do what I would like. Tried to look around and couldn't find this example.
I think that all You need is just .php rewrite, so that You can use php pages with or without .php extension. The rest (redirecting) You should do from php scripts.
Here is how .htaccess should look like in this case.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ /$1.php [QSA,L]
</IfModule>
I'm using SimpleMVCFramework
All my routes are working fine, based on the default htaccess file:
Options -Indexes
<IfModule mod_rewrite.c>
Options -Indexes
RewriteEngine On
RewriteBase /mpl/servicos/smvcf/
# Force to exclude the trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*)/$
RewriteRule ^(.+)/$ $1 [R=307,L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [QSA,L]
</IfModule>
I have a route that expects an id:
http://localhost/mpl/servicos/smvcf/detalhe/37343
But I need the URL the user sees to be friendly as:
http://localhost/mpl/servicos/smvcf/mercedes_benz-a-a_220_cdi_auto-37343.html
I thought something like this would work, but I get a 404:
RewriteRule ([^/]+)-([^/]+)-([^/]+)-([^/]+).html detalhe/$4
Please help.
The user sees the pretty url, but you are not interested in what the seo-title is. What you are interested in is the number that is hidden in it. As the number is in the very back of the pretty url, let's just match on that:
RewriteRule ^[^/]+-([0-9]+)\.html detalhe/$1 [L]
If you are trying to use another rewrite that will not be routed through the default MVC route index.php then you need to make sure you place your new rewrite before those rules. Also that folder you are redirecting to will need to have a index PHP file to do something as well.
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /mpl/servicos/smvcf/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)-([0-9]+)\.html detalhe/$2 [L]
# Force to exclude the trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.*)/$
RewriteRule ^(.+)/$ $1 [R=307,L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [QSA,L]
</IfModule>
I am new in codeigniter and i am trying to remove index.php from URL in Codeigniter but not able to do this.
I wrote code in my .htaccess file-
RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
My Apache mod_rewrite is enable.
But still got 404 error when i am trying to access any controller without using index.php.
Please help.
Thanks.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/index/?$ $1 [L,R=301]
</IfModule>
Is the code I'm using, it works on every hosting platform I've used it on.
This should help you,
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
check this code of htaccess file.
DirectoryIndex index.php
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|public|images|css|js|robots\.txt)
RewriteRule ^(.*)$ index.php?/$1 [L]
you can find your answer refference here
My .htaccess file is not working
moreover can you share your base url with us? as this error may be due to wrong baseurl set.
I have this in my .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteBase /
RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]
This works fine. e.g. when entering localhost/file it acts as if it was localhost/index.php?route=file
My problem however is that the server is set to serve files without the need to type .php as file extension. So when I access localhost/login, instead of doing localhost/index.php?route=login, it serves me the file login.php directly. How can I avoid that?
Simply disable MultiViews option.
Replace your current code by this one
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?route=$1 [L,QSA]