I would like to include external php files into my index.php without using:
index.php?p=pagetoinclude.php
I have it like this now: index.php?page=home <- that will include home.php but I have completely forgotten how to do it like this:
index.php/home/ without "?" but using "/" slash instead.
Use mod_rewrite
And I should point out that including a page passed in via GET parameter could be extremely insecure unless you're doing the proper checks.
It looks like you're trying to use fake clear urls.
On index.php you would get the URL, split it at index.php/ and then parse the rest of the string as necessary.
Apache named this kind of feature AcceptPathInfo:
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.
For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.
You can access that environment variable with $_SERVER['PATH_INFO']:
Contains any client-provided pathname information trailing the actual script filename but preceding the query string, if available. For instance, if the current script was accessed via the URL http://www.example.com/php/path_info.php/some/stuff?foo=bar, then $_SERVER['PATH_INFO'] would contain /some/stuff.
If you don’t have an Apache web server or can’t use AcceptPathInfo, you probably can use other mechanisms to rewrite such requests to your file and get the path info part from the requested URI somehow.
Related
I want to redirect to another url when request come to apache http for download a file
for example, client call https://example.com/download/apps/v1.01.apk
/download/apps/v1.01.apk is a real path
I want when call url apache prevent to download it and redirect to another url
For this, you will need to use a .htaccess file.
Create a .htaccess file, in the root of your project and type this into the file:
RewriteEngine on
Options -Indexes -Multiviews
RewriteRule ^(v1\.01\.apk)$ your-new-url.php
It's worth keeping in mind that when the web server first receives a request, the URL is just a string, and the server has to decide what to do.
One of the things it can do is look for a file on disk whose name matches the URL. If it finds a file, it can decide what to do with that information, perhaps combined with other information the browser sent in the request, or information it finds about the file.
Eventually, the server will come up with a response - maybe a response with the content of the file it found; maybe the result of running a particular script; maybe a response indicating a redirect to a different URL.
With most web server software, you can configure all of these decisions, in very flexible ways. So you can say "if the URL has a v in it, look for a file in this folder; if it exists, run this PHP script with the file name as an argument; if it doesn't, issue a redirect response to a URL where the v is replaced with an x".
For Apache, you will see a lot of advice to use .htaccess files to do this. These are not the primary configuration for Apache, but they are a convenient place to put extra configuration when you are using a shared server and can't edit the main configuration for security reasons.
The specific configuration line used to trigger a redirect response in Apache looks like this:
RewriteRule pattern-to-match-against-request url-to-redirect-to [R]
The first argument is a "regular expression" which can be as general or specific as you want. Note that . means "any character", so if you want to match a dot specifically, write \.
The second argument can contain variables like $1 and $2 which refer to parts of the requested URL "captured" by putting them in brackets in the pattern.
The [R] at the end can also have a type, like [R=temp] or [R=307], which will change how the browser handles the redirect, caches it, and so on. There are also other flags your can add, like [R,NC] for "Redirect, Not Case-sensitive".
Finally, you can add any number of RewriteCond lines before a rule, such as RewriteCond -f %{REQUEST_URI} meaning "if a file exists with the same name as the requested URL.
Let's take a proper URL to a php-Page like:
https://secure.php.net/ChangeLog-7.php
If we now add a trailing slash and some random garbage like this:
https://secure.php.net/ChangeLog-7.php/nonexistentfolder/anotherfile.html
the URL still works. In my opinion, it should have generated a 404-Error because "nonexistentfolder" is a folder not existing on the remote server as well as "anotherfile.html" is a non existent file.
This seems to happen generally, independent from webserver or rewrite-rules, so it seems to have its source in the PHP-Webserver-Module.
I do understand, what PATH_INFO is, but i do not understand, why calling such a URL does not generate a 404 response which would be the case if the existing file in the URL would be .html (and not .php).
How do people deal with this i.e. to avoid such bogus links making their way to search engines or alike?
Thanks!
According to the Apache Documentation, the Setting for AcceptPathInfo depends on the Handler used to answer the request. Handlers to answer requests for .html and .php files are different and it seems the default of the handler for .php is to accept PATH_INFO.
If you want the webserver to reply with a 404-Status, when the url is pointing to an invalid file/folder but includes a valid .php file at the beginning of the url, you can do so by adding the following i.e. to a .htaccess-file:
<Files ~ "\.php$">
AcceptPathInfo Off
</Files>
Problem: Suppose a URL is requesting a file that doesn't exist, e.g. mydomain.com/index.php/bogus
There is no folder named 'bogus' so I expect a '404 not found' response, but instead Apache sends the request to /index.php (which does exist). Why? How do I change it to respond '404 not found'?
I suppose that, in theory, Apache does this to let me generate a custom index page for the folder 'bogus' (which however does not exist). But in practice, by returning a page with 200 response, it is causing confusion to search engines and accidental visitors. My PHP code in 'index.php' is not expecting this URL and so it generates broken links in its dynamic navigation routines.
I've tried to disable indexes (Option -Indexes) and directory indexing (DirectoryIndex disabled) and removed .htaccess (AllowOverride None). None of these changed the response. I've searched stackoverflow and it has plenty of "how to serve a file instead of 404" but this is the opposite: I want Apache to return 404 instead of serving a PHP file from higher up in the file system.
My server environment is Windows Server 2008, Apache 2.2.22, and PHP 5.3. No mod_rewrite.
The solution that works is to add AcceptPathInfo Off to the Apache config file.
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts through the CGI (common gateway interface) specifications.
When AcceptPathInfo is 'Off', the CGI parsing will keep the URL as one long string and look for a file in your filesystem to match.
When AcceptPathInfo is 'On', the CGI will separates the URL into a script name PLUS the following characters are information made available to the script.
The Apache core docs have more info: http://httpd.apache.org/docs/2.0/mod/core.html#acceptpathinfo
You don't have a folder named index.php, you have a file with that name. I think apache finds the file and decides it's found what was requested, so it serves the file.
In your index.php file, you can check that $_SERVER['REQUEST_URI'] is a valid request for index.php. If it isn't a valid request, you can use the PHP http_response_code(404) or header() functions to make your index.php return 404 for invalid URLs.
I just updated my Ubuntu outdated development server, and it broke down some configuration.
Now apache/php does not properly handle urls like index.php/profile, but will handle correctly just index.php.
Basically if there some path after index.php, then it will return 404 error:
The requested URL /index.php/profile was not found on this server.
What configuration option is likely to fix this problem? I need to fix this urgently. Thanks in advance!
Check the setting of AcceptPathInfo:
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.
For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.
I'm looking for an SEO friendly url rewrite rule that would work for any common PHP site that doesn't have a front controller. It would map the SEO friendly url directly to the PHP file that is found to exist on the server and convert the remaining URL branches to standard URL parameters.
For example:
/folder1/folder2/folder3/page/var1/val1/var2/val2/var3/val3
would map to:
/folder1/folder2/folder3/page.php?var1=val1&var2=val2&var3=val3
Now, here's the tricky part. Since the rewrite rules need to be completely agnostic to all the names of folders, pages, and variables, it would need to base the rewrite of the URL parameters on the exact location along link where can be found a file that exists along the path. For instance, consider if the following file happened to exist (hypothetically) off the document root: /folder1/folder2.php
In this case, the following remapping would be legitimate and acceptable:
/folder1/folder2.php?folder3=page&var1=val1&var2=val2&var3=val3
This would be the ultimate rewrite rule for many traditional websites that have already been built that want their URLs and parameters to instantly become URL-friendly.
The only examples that I have found involve mapping everything to work with a single front controller or otherwise hard-coded files in the rule that are expected to exist rather than have mod_rewrite detect their existence dynamically. They're related, but not flexible for any file that is found to exist:
http://www.sitepoint.com/forums/showthread.php?t=363420
apache mod_rewrite one rule for any number of possibilities
Recursive mod_rewrite for search engine friendly urls
The Apache web server does already know such a concept:
MultiViews:
The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements.
Path Info:
This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.
For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.
All you then need to adjust is to take the path info part and parse it.
Besides that, if you really want to implement that behavior with mod_rewrite, try this:
RewriteCond %{DOCUMENT_ROOT}/$0.php !-f
RewriteRule ^(.+)/([^/]+)/([^/]+)$ /$1?$2=$3 [N,QSA]
RewriteCond %{DOCUMENT_ROOT}/$0.php -f
RewriteRule .+ /$0.php [L]