I have a JS file that has a path to another script. If I do not want to reveal my directory structure, what would be the best way to obscure it?
For example, can I add a rewrite rule in .htaccess file and use that in my JS file or is there a better way to do that?
Current JS file:
URL_PATH = '/incl/pro/dir/files/server.php';
// change to:
URL_PATH = '/dir/server.php';
Create a .htaccess file in your DOCUMENT_ROOT location with following content:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteRule ^dir/(.*)$ /incl/pro/dir/files/$1 [L,NC]
Rewrite rule will take care of forwarding your request of /dir/server.php to /incl/pro/dir/files/server.php internally.
Yes, this would be a good use of .htaccess files to obscure the actual locations of files.
I'm a bit confused by what you're trying to ask here.
A js file is executed on the client machine, not the server machine. So whatever paths you may put on a js script will never be executed on the client machine unless they happen to have that exact path.
A better alternative is to not include paths to a script. Instead have a ajax call to that script. You can't trust that whatever hitting that .php script is from a js file or from someone manually typing it in.
For example, if your site dir is at /incld/site/scripts/yourscript.php and in your js file, you can make an ajax using jQuery to GET the content of www.yoursite.com/scripts/yourscripts.php and parse out whatever you need or execute a script that is required.
Related
Can I use a php script as handler for loading a document in a directory?
My .htaccess (in "/path/to/") would say:
AddHandler handler .png
Action handler /path/to/security.php
And the security.php would do what it was supposed to do, e.g. check databases etc and then continue on to the original file that was loaded. For example:
User attempts to load '/path/to/awesome_picture.png'. The server checks .htaccess and sees the handler. It executes the handler. Following this, the PHP script would redirect to the original file if it saw fit. So user would eventually receive the picture but would undergo checks along the way.
Is this possible, and if so, how can I do it?
Thanks in advance
Looking at the Apache documentation it seems that you can, since the second example matches the config you have written.
But it seems a better idea (to me at least) to use mod_rewrite for this, like so:
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} ^(.*\.png)$
RewriteRule ^(.*)$ /path/to/security.php?img=$1 [NC,L]
Then you can reference the requested file in your PHP script via $_GET['img'].
I use a .htaccess file to redirect all requests to the same index.php. From there, I decide what to do depending on URL of the incoming request.
For now, I map the request URL to directory structure relative to a source folder, so that example.com/user/create maps to source/user/create/index.php. The file located there can handle the request as needed, and generate HTML output.
But that doesn't work for static assets, the browser may request. So my idea is to find out whether a request URL ends with a file extension and map that to a directory structure relative to a assets folder, so that example.com/css/default.css would map to assets/css/default.css. But I don't know how to respond with a static file instead of HTML code from PHP.
Normally, this might be done using an additional .htaccess rule, but I'd like to change the assets folder dynamically in code.
How can I send a static file, given on the server's hard drive, to the browser client in PHP?
Well, if you really want to, you can just use readfile(). But it would be better to let the web server handle static files if you can; it's more efficient than firing up PHP just to throw a file out the door.
Also, with the PHP approach you'll probably have to set the Content-Type header appropriate per file, which can be annoying. Your web server will be doing that for you already when serving files directly.
Plus there are other things that you may be getting for "free" at the moment that you'll have to consider -- using ob_gzhandler if you want to compress your pages, as might already be being done for static files by Apache, say.
So, while it's possible, and I can see reasons why it's sometimes desirable, I'd probably try to make this kind of processing the exception rather than the rule for files that aren't generally dynamic...
On the the htacess
#Expections
RewriteCond %{REQUEST_URI} ^/assets.*$
RewriteRule ^(.*)$ - [L,NC]
#You redirect to index
...
put a / at the beginning of the file path
/assets/path/to/file
Currently, my page URLs look this this:
http://ourdomain.com/articles/?permalink=blah-blah-blah
I want to convert these to:
http://ourdomain.com/articles/blah-blah-blah
How can I accomplish this using PHP but not with .htaccess?
How can i accomplish this using php but not with .htaccess..
You can't. You will need to tell the web server how to deal with URLs that don't physically exist. In Apache, that is done in the central configuration or in a .htaccess file.
If your server already happens to have AccepPathInfo On, you can try having URLs like
http://ourdomain.com/index.php/articles/blah-blah-blah
which will redirect to index.php and have articles/blah-blah-blah in the $_SERVER["PATH_INFO"] variable. This method is known as "poor man's URL rewriting" because you can't get rid of the index.php part in the URL. If the mentioned setting is turned on (I think it is by default), you may be able to do this without using a .htaccess file.
You can achieve this without mod_rewrite if you have access to the server configuration. Assuming you're using Apache, the first thing you would need to do is turn the MultiViews option on on your document root (ie. add Options MultiViews). Now copy your /articles/index.php to /articles.php (so put the script in your document root and rename it), and adapt your script so it reads $_SERVER["PATH_INFO"] to fetch the correct page (this of course relies on having AcceptPathInfo On).
MultiViews will make sure that the articles.php script is called when you provide a /articles/blah-blah URL.
I don't think you can easily do it without altering .htaccess. You'll most definitely need to use mod_rewrite. See the answers here for more info:
Special profile page link like www.domain.com/username
It is possible to do it in PHP, without modifying .htaccess
Just write following code in either index.php or default.php
<?php
if (isset($_GET['permalink'])) {
header('Location: '.urlencode($_GET['permalink']));
}
?>
It works because when you type following URL:
http://ourdomain.com/articles/?permalink=blah-blah-blah
The filename is not specified.
So, the server looks whether "index" or "default" file is present in the specified directory.
Consider file index.php is present, so server will call:
http://ourdomain.com/articles/index.php
with blah-blah-blah in GET variable permalink
The PHP code checks if permalink GET variable is present, and redirects using header() method.
EDIT: added urlencode() to do input validation
I'm looking for a way to tell Apache that if there is a request for a file from a certain directory it should first run a php script to verify if the user is logged in.
I know I could put the directory outside of the docroot and let a php script handle the authentication and file downloads, but because these are flash files that try to open other flash files it has to be a directory in the docroot, and the files should not have to be send by the php script.
In the old setup we were using mod_auth_script(http://sourceforge.net/projects/mod-auth-script/), but as that is a rather obscure apache module I'd rather have a more common solution if possible.
You can use .htaccess and mod_rewrite to redirect requests to php script. Try some googling and you will find lots of examples.
.htaccess contents example:
Options +FollowSymLinks
RewriteEngine on
RewriteRule ([0-9a-z-_]+)\.swf$ checkForAuth.php?&file=$1 [L]
This will call checkForAuth.php when someone will try to access *.swf file. In checkForAuth.php you need to check your session, read contents from $_GET['file'], set correct headers (content-type for flash) and output contents of requested SWF file.
If I use mod_rewrite to control all my 301 redirects, does this happen before my page is served? so if I also have a bunch of redirect rules in a php script that runs on my page, will the .htaccess kick in first?
The .htaccess will kick in first. If you look at the Apache request cycle:
PHP is a response handler. mod_rewrite runs at URI translation, except for rewrite rules in .htaccess and <Directory> or <Location> blocks which run in the fixup phase. This is because Apache doesn't know which directory it's in (and thus which <Directory> or .htaccess to read) until after URI translation.
In response to to gabriel1836's question about the image, I grabbed it from the second slide of this presentation but it's originally from the book: Writing Apache Modules in Perl and C which I highly recommend.
When a request is made to the URI affected by the .htaccess file, then Apache will handle any rewrite rules before any of your PHP code executes.
Yes, the .htaccess file is parsed before your script is served.
.htaccess happens first.
htaccess is controlled by the webserver. This file will be taken in account before your PHP file.
For example, you could restrict access to a particular folder with your htaccess file. So, it have to be take in charge before your PHP.
Hope this helps.
The .htaccess is performed by Apache before the php script execution.
(imagine if the php script is executed and then the .htaccess make a redirection to another page...).
You always can test this with the following command:
wget -S --spider http://yourdomain.com
With this command you see the who is responding to your request.
As all the others mentioned, .htaccess is first.
So basically, the .htaccess more or less requires the relevant PHP code or files, as according to the rules specified in the .htaccess, meaning .htaccess is run first.