I see many, many sites that have URLs for individual pages such as
http://www.mysite.com/articles/this-is-article-1
http://www.mysite.com/galleries/575
And they don't redirect, they don't run slowly...
I know how to parse URLs, that's easy enough. But in my mind that seems slow and cumbersome on a dynamic site. As well, if the pages are all statically built (hence the custom URL), then that means all components of the page are static as well... (which would be bad)
I'd love to hear some ideas about how this is typically accomplished.
There are many ways you can handle the above. Generally speaking, there is always at least some form of redirection involved - although that could be at the .htaccess level rather than in PHP. Here's a scenario (a minimal sketch follows the steps):
Use .htaccess to redirect to your php processing script.
Parse the uri ($_SERVER['REQUEST_URI']) and ascertain the type of content (for instance, articles or galleries as per your examples).
Use the provided id (generally appended to the end of the uri, again as in your examples) to obtain the correct data - be that by serving a static file or querying a database for the requested content.
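Putting those steps together might look something like this, assuming Apache (the processor.php name and the parameter layout are just examples, not a definitive implementation):

# .htaccess - send everything that is not a real file or directory to the processing script
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ processor.php [L]

<?php
// processor.php - work out what was asked for and fetch it
$path  = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$parts = explode('/', trim($path, '/'));   // e.g. array('galleries', '575')
$type  = isset($parts[0]) ? $parts[0] : '';
$id    = isset($parts[1]) ? $parts[1] : null;
switch ($type) {
    case 'articles':  /* query the articles table for $id */  break;
    case 'galleries': /* query the galleries table for $id */ break;
    default: header('HTTP/1.0 404 Not Found');
}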
This method is a very popular way of increasing SEO, but as you rightly highlight there can be difficulties in taking this approach - not typically performance, but it can make development or administration more troublesome (the latter if your implementation is not well thought out and scalable).
Firstly, when comparing plain URL rewriting at the application level against plain CGI (CGI can be PHP, ISAPI, ASP.NET, etc.) with serving static pages, serving static files will always, always win. There is simply less work involved. For example, on Windows and Linux (that I know of) there are even enhancements in the kernel for serving static files from a local drive via HTTP. To further make the point, I even found a benchmark using several servers and OSs: http://www.litespeedtech.com/web-server-performance-comparison-litespeed-2.0-vs.html#RESULT Note that serving static files is dramatically faster than using any type of CGI.
However, there can potentially be performance and scalability gains from using rewritten URLs effectively, and that is done with caching. If you return proper cache headers (see the Cache-Control directive in the HTTP documentation), downstream servers can cache the data so you won't even get hits on your site. However, I guess you could get the same benefit with static pages :) I just happened to read an article on this very topic a day or two ago at the High Scalability blog: http://highscalability.com/strategy-understanding-your-data-leads-best-scalability-solutions
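For illustration, returning a cache header from PHP takes a single line (a minimal sketch; the one-hour lifetime is arbitrary):

<?php
// let shared caches (proxies/CDNs) keep this response for an hour
header('Cache-Control: public, max-age=3600');
// ... generate and output the page as usual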
A rewrite engine is the best approach, as rewrite engines are fast and optimised, leaving your server-side scripting to work with plain local variables.
Apache's mod_rewrite is the most common.
It's usually done via a rewrite engine, either in the server (via something like mod_rewrite in Apache) or in the web application (all requests are routed to the web application, which looks for a route for the path specified).
In my case, I stick to a web framework with this feature already built in (CodeIgniter).
... As well, if the pages are all statically built (hence the custom URL), then that means all components of the page are static as well... (which would be bad)
... yes, this is very bad indeed. :o
It is possible to rewrite at:
1) The server level, in either the .htaccess file or the httpd.conf or vhosts.conf file. This is typically faster than the next level of rewriting, which is done at the application level.
2) The application level (in this instance with PHP). You can write custom redirects that analyse the URL and redirect in some way based on that. Modern web frameworks such as the Zend Framework (ZF) use routes to control URL rewriting. The following is an example of a static route with ZF:
$route = new Zend_Controller_Router_Route_Static('latest/news/this/week',
array('controller' => 'news'));
This would redirect any request for http://somedomain.com/latest/news/this/week to the news controller.
An example of a dynamic route would be
$route = new Zend_Controller_Router_Route('galleries/:id', array('controller' => 'gallery'));
Here the variable $id would be available to that controller (and, using the example above, would be 575).
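Inside the gallery controller, the route parameter can then be read from the request object (a minimal ZF 1.x sketch; the action body is an assumption):

class GalleryController extends Zend_Controller_Action
{
    public function indexAction()
    {
        // for /galleries/575, the dynamic route above yields id = 575
        $id = (int) $this->getRequest()->getParam('id');
        // fetch and render the gallery with this id...
    }
}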
These are very useful tools that allow you to develop an application and retrospectively change the URL to anything you want.
A very simple way is to have a CGI parse the PATH_INFO portion of the URL.
In your example:
http://www.example.com/articles/12345 (where "articles" is a CGI script)
                       ^^^^^^^^ ^^^^^
                       CGI      PATH_INFO
Everything after the script name is passed to the script in the PATH_INFO CGI variable.
Then you can do a database lookup or whatever you wish to generate the page.
Use caution when accessing this value, as the IIS and Apache servers put different portions of the URL in PATH_INFO. (IIRC: IIS incorrectly uses the entire URL, while Apache prunes it as stated above.)
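In PHP the same idea looks something like this (a minimal sketch, keeping the portability caveat above in mind):

<?php
// articles - reached as /articles/12345, so PATH_INFO is "/12345" (on Apache)
$info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
$id   = (int) trim($info, '/');
if ($id > 0) {
    // database lookup for article $id, then generate the page
}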
On Apache servers, mod_rewrite is the most common tool for this. It is an Apache module that allows you to rewrite request URLs to other URLs using regular expressions, so for your example something like this would be used:
RewriteEngine ON
RewriteRule ^articles/(.*) articles.php?article=$1 [L]
RewriteRule ^galleries/(\d*) galleries.php?gallerie=$1 [L]
This costs hardly any time and in practice is just as fast as having the URL www.mysite.com/galleries.php?gallerie=575, but it looks way better.
I have used this method previously - you just need to add the file extensions that should not be redirected to the regex (see the sketch below), and then everything else is handled by PHP, so you don't need to keep going into your .htaccess file.
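That exclusion approach might look like this (a sketch only; the extension list and script name are examples, not a definitive rule set):

RewriteEngine On
# leave requests for real assets alone; everything else goes to PHP
RewriteCond %{REQUEST_URI} !\.(css|js|jpe?g|png|gif|ico)$
RewriteRule ^(.*)$ index.php?path=$1 [L,QSA]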
I am working with a typical MVC application (happens to be ZF 1.x) making use of mod_rewrite where all requests are routed to a single index.php file in my /public directory.
Site administrators and general users are dispatched no differently. Now I am stuck trying to increase some INI values, such as upload_max_filesize and post_max_size (which are PHP_INI_PERDIR changeable), only for the administrative users of the site.
Short of changing how the application is dispatched, can anybody suggest an alternative method? I was looking at the possibility of some sort of conditional block in an .htaccess file, perhaps something where the php_value line is invoked only if the request URI matches a certain pattern. Pretty sure that is not an option, but I thought I would ask if anyone had found other solutions.
My options now seem to be to increase the values for all users, or to rewrite things so that the specific pages needing these increased values are dispatched through a separate directory where I can drop in an alternate .htaccess file (sketched below).
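For reference, that separate-directory workaround only needs an .htaccess like this in the admin directory (the values are examples; php_value directives require mod_php):

php_value upload_max_filesize 100M
php_value post_max_size 110M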
HTTP is not user-aware per se; the notion of a user is a mechanism managed by PHP through cookies. So no, you can't do anything about it at that level except increase the values for everyone!
Can't you do something like this (pseudocode)?
if($user=='admin') ini_set('upload_max_filesize','100m');
Nowadays, developers and professionals tend to use PHP templates for two reasons: they are manageable, and we don't need to advertise our technology, as there are no question marks or .php extensions within the URL.
But how do you keep your technology unadvertised when sending a jQuery Ajax request to load a PHP file into a div? We would have to write $.get('phpfile.php') within the script, and anyone could say 'voilà, he is using PHP', hmmm.
Simply, I want to ask: is there any way of loading PHP through a request without advertising your technology, as described above?
Some example code would be honored.
But how do you keep your technology unadvertised when sending a jQuery Ajax request to load a PHP file into a div? We would have to write $.load('phpfile.php') within the script, and anyone could say 'voilà, he is using PHP', hmmm.
I don't get it. jQuery doesn't know about PHP files. If your website has two "public pages", www.example.com and www.example.com/foo, then you can access the /foo page from the homepage with something like $.get("/foo"). Here I use Ajax and jQuery, and nobody knows if my page uses PHP or whatever.
Then you should look at mod_rewrite, as explained by verisimilitude, but rewriting URLs is not the only solution. Have a look at this site http://builtwith.com/ and enter a random URL. Web servers send, by default, a lot of data about themselves, so you should avoid that behaviour too if you want to "hide" the technology used. Have a look here http://xianshield.org/guides/apache2.0guide.html - it's "a guide to installing and hardening an Apache 2.0 web server to common security standards". You may find useful information in there.
Edit
And also, "PHP templates" are not related to pages URL at all. For example, you could have multiple URL which use the same "PHP template".
mod_rewrite is the best answer for all your predicaments. Why not use it? The URL phpfile.php in your above code could be rewritten to achieve the obfuscation, as sketched below...
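For example, a rule like this would let the script request a neutral-looking path instead (the data path name is hypothetical):

RewriteEngine On
RewriteRule ^data$ phpfile.php [L]

The JavaScript can then call $.get('data'), and nothing visible in the markup mentions PHP.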
@pomeh. Good point.
See, a few things can be done here.
1) Disable the Apache signature. In the default configuration of Apache, any page served through it will contain a full signature of the server. Server signatures contain valuable information about installed software and can be read (and exploited), so it is safer to turn this behaviour off. Here is how: open Apache's configuration file (httpd.conf or apache2.conf), search for ServerSignature and set it to 'Off', then search for ServerTokens and set it to 'Prod' (the exact lines appear after this list).
2) Set "expose_php" in php.ini to false: Exposes to the world that PHP is installed on the server, which includes the PHP version within the HTTP header.
3) There are some PHP obfuscators available which may also be used. I will not recommend them, since I've not personally tried them.
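The configuration lines for points 1) and 2) are simply these - in httpd.conf or apache2.conf:

ServerSignature Off
ServerTokens Prod

and in php.ini:

expose_php = Off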
There are ways and means beyond these to hide the "technology". By default, a PHP-enabled Apache web server processes and interprets all files with the .php extension, but we can bind any weirdo extension, to be processed by the server, to hide the technology.
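With mod_php, for instance, an arbitrary extension can be bound to the PHP handler (the .page extension is just an example):

# process *.page files as PHP
AddHandler application/x-httpd-php .page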
I guess verisimilitude and pomeh already answered this question.
All web servers send information about themselves over the internet. You can't hide that.
If you want to hide file extensions, like 'aspx, php, asp, html' then you will need to use mod_rewrite under Apache or something like URL Rewrite under IIS7.
You can also set default documents under IIS7. This really only works once per web folder. For example you can set default.htm as one of the default documents. When a visitor goes to your website they type www.domain.com and they get a web page. That visitor is actually looking at www.domain.com/default.htm
Is there a way to insert relative URLs such as /forums/(forumID)/ into tags in PHP code while setting up my site, and then, when I need to know which forumID the current page has, get it via a $_GET request - without using a template system like Smarty or CakePHP, etc., or the Apache rewrite module? Or is it a huge headache? I just want to not be bound to one web server type (Apache).
Clean URLs are fairly easy to do, but if the web pages are vastly different, it may cause some problems.
You'll need to edit your .htaccess file and add something similar to this
RewriteEngine On
RewriteRule ^([a-zA-Z0-9]+)$ index.php?page=$1
#This will process http://example.com/forum as http://example.com/index.php?page=forum
RewriteRule ^([a-zA-Z0-9]+)/$ index.php?page=$1
#This includes the trailing slash
RewriteRule ^([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$ index.php?page=$1&id=$2
#This will process http://example.com/forum/512 as http://example.com/index.php?page=forum&id=512
This is a good source for more information: http://www.desiquintans.com/cleanurls
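On the PHP side, index.php would then pick up the rewritten parameters (a minimal sketch; the forum-loading part is an assumption):

<?php
// index.php - receives page (and optionally id) from the rewrite rules above
$page = isset($_GET['page']) ? $_GET['page'] : 'home';
$id   = isset($_GET['id'])   ? (int) $_GET['id'] : null;
if ($page === 'forum' && $id !== null) {
    // load forum thread $id, e.g. for http://example.com/forum/512
}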
... carried on from OP comments.
These frameworks read the request again in their respective languages to allow the framework to route to specific controllers, but they still need the web server to be set up to send the request to the framework in the first place.
1) Client requests http://example.com/forums/123
2) After DNS lookup, the request hits the server at 127.0.0.1:80
3) The web server (e.g. Apache) listens on port 80 and accepts the request
4) Apache routes the request to the server-side script
This is the journey as the web server sees it. It needs to read the request before it even hits the server-side scripting language (PHP/Python/Ruby etc).
The server-side language can then re-read the URL however it pleases, once the web server has handed the request to the front controller.
The main reasons to have clean URLs, from an architecture point of view:
They are not tied to any programming language. If your URLs have .php or any other extension and you later switch to, say, ASP.NET, you'd have to set up your new server to answer for the .php extension anyway.
They are easy to route in any language or server setup. All modern servers I know of have modules to route URLs.
Note that to use a programming language to route the urls, you still have to set up your server to direct everything to a bootstrap file. Honestly, you are not getting around server configurations of some kind no matter what.
Conclusion: your logic for wanting your project set up this way will not work without doing some server setup.
I've been using HTTP authentication through .htaccess files every time I've needed quick and dirty password protection for a complete directory (most of the time in order to hide third-party apps I install for private use). Now I've written some PHP code to replace local passwords with OpenID. That allows me to get rid of HTTP auth in my PHP sites. However, I'm still trying to figure out a trick I can use for non-PHP stuff (from third-party programs to random files).
Apache does not seem to support authentication with custom scripts by default (and whatever I do, it has to work with my hosting provider). That leaves the obvious solution of using mod_rewrite to route everything through a PHP script that checks credentials and reads the target file, but 1) it looks like a performance killer and 2) it will interfere with dynamic stuff, such as other PHP scripts.
I'm wondering whether there's a way to tune up the router approach so the script does not need to send the file, or if I'm overlooking some other approach. Any idea?
I think your mod_rewrite approach would be the only way to do this - but instead of using readfile() (as I guess you are, based on what you say about interfering with dynamic stuff such as other PHP scripts) you can just include() the files, so that raw files are written straight to output and PHP code is executed.
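A minimal sketch of that gatekeeper, assuming a rewrite rule like RewriteRule ^private/(.*)$ gate.php?f=$1 [L,QSA] and some session flag set by your OpenID code (all names here are hypothetical):

<?php
// gate.php - every request under /private/ is rewritten here
session_start();
if (empty($_SESSION['openid_authenticated'])) {   // your OpenID check
    header('HTTP/1.1 403 Forbidden');
    exit('Access denied');
}
$base = realpath(dirname(__FILE__) . '/private');
$file = isset($_GET['f']) ? $_GET['f'] : '';
$path = realpath($base . '/' . $file);
if ($path === false || strpos($path, $base) !== 0) { // block ../ tricks
    header('HTTP/1.1 404 Not Found');
    exit;
}
include $path; // raw files go straight to output, PHP files are executed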
You may use PHP's HTTP authentication: http://php.net/manual/en/features.http-auth.php
If OpenID is all you need, consider using mod_auth_openid for Apache.
I want to create an application in PHP implementing a virtual directory feature.
Example: http://mydomain.com/user001 will display the contents of the URL http://mydomain.com/index.php?user=user001. How can I do that?
Note:
I am using Apache server.
The traditional way to do it is mod_rewrite.
Please read this friendly article regarding rewrite.
Next, try to find a simple way in PHP to parse this variable $_SERVER['REQUEST_URI'].
After doing that, you have the name of the directory and you can get its data from the DB.
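Putting those two steps together (a minimal sketch; the user-lookup part is an assumption):

<?php
// index.php - mod_rewrite sends /user001 here
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$user = trim($path, '/');                  // "user001"
if (preg_match('/^[A-Za-z0-9_]+$/', $user)) {
    // fetch this user's record from the DB and display the page
}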
Intercept the HTTP request using the 'REQUEST_URI' element of $_SERVER. This returns (I believe) only the requested page, not the entire URI/URL - more info here. Once you've grabbed the page request, substitute the address of the actual file that's needed. For example, the user-friendly www.somewebsite.com/page01 becomes a request for the more clunky-sounding www.somewebsite.com?page01.php. This method won't create a virtual directory as such, but it should work okay. I have used a similar method on my own IT website, where each page is loaded via index.php, allowing that file to keep a log of visitors in real time (the site has Webalizer, which runs a day or so in arrears).
Rewriting the filename might work, although it's not to my personal taste. Using PHP to effect a URI/URL-swap would likely carry the benefit of reduced server demand, due to requiring less disk read/write time than filename rewrites.
I hope that helps.