+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: Suggested .htaccess rewrite is not hiding system folder (/showthread.php?tid=26331)
Pages:
1
2
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]helloworldly[/eluser]
I'm using the suggested modrewrite rules which work great in removing index.php from the url but do not also remove access to the system folder as it suggests it should: (From Codeigniter wiki: http://codeigniter.com/wiki/mod_rewrite/)
I also have config/config.php set as suggested with:
$config['index_page'] = "";
$config['uri_protocol'] = "QUERY_STRING";
Everything works fine locally using MAMP and remotely using GoDaddy server re: removing index.php from the url, but I am still able to view the system folder and its contents on both MAMP and GoDaddy. So, as an example, going to http://example.com/folderWhereFullAppResides/system/application/views/example_view.php will display the view contents rather than redirecting to app's index.php as htaccess implies it should.
As an alternative to using htaccess rules: I'd love to move the system outside the public www view, but that is not possible with GoDaddy from what I can see and so am bound to using .htaccess rules.
Seems this part of the suggested htaccess file is not functioning as intended in my environments:
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
If it matters: the client is using the "deluxe" GoDaddy setup where multiple domains / sites can be hosted from 1 account.
Any thoughts? Thanks much.
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Rick Jolly[/eluser]
You could try this and make sure it is above any other rules.
Code:
RewriteCond $1 ^system [NC]
RewriteRule ^(.*)$ /index.php?/$1 [L]Edit: removed the not ("!")
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]helloworldly[/eluser]
Thanks Rick. Yes, it's preventing access to system folder now, though it couldn't find the index.php:
"The requested URL /index.php was not found on this server."
So originally it was:
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
And you added this similar rule above other rules:
RewriteCond $1 ^system [NC]
RewriteRule ^(.*)$ /index.php?/$1 [L]
What's the difference between the two? Why would two rules be needed?
Thanks Rick!
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Rick Jolly[/eluser]
Well that can't be your only rule, or all urls besides those starting with "system" wouldn't work. For example, you could use rules that look something like this:
Code:
RewriteCond $1 ^system [NC]
RewriteRule ^(.*)$ /index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]Quote:What’s the difference between the two?
For you, probably nothing. But I think it is better to not use REQUEST_URI in .htaccess if your RewriteBase is a subdirectory - which apparently doesn't apply to you. Otherwise you'd have to include your subdirectory before the "system" in the REQUEST_URI RewriteCond. It's a subtle difference and only applies if you are working in a subdirectory and using .htaccess.
So I don't think the rewrite rule by itself was the problem. I suspect some other rule above it matched so that rule wasn't executed. The [L] means last - "if this rule matched, don't execute another".
Quote:Why would two rules be needed?One rule must match, or your script won't be found.
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Rick Jolly[/eluser]
If you are not aware, on most hosts you move your system directory above the web root so that it cannot be accessed through a url. Also, as opposed to sending requests to "system" through CI, you could just disallow those requests entirely.
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]helloworldly[/eluser]
Quote:"If you are not aware, on most hosts you move your system directory above the web root so that it cannot be accessed through a url."
Yeah I wish Go Daddy gave me that freedom but they don't. At least not on the plan my client has -- or not that I can see anyway.
Re: my htaccess - i had the exact copy of the recommended htaccess from that codeigniter wiki post i linked to in my first post. The only difference wasthat i commented out the rewritebase:
Code:
<IfModule mod_rewrite.c>
RewriteEngine On
# Allow or disallow use of RewriteBase
# RewriteBase /
RewriteCond $1 ^system [NC]
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Rick Jolly[/eluser]
Notice the "/" before index.php on the first 2 rules? I thought that was specific to GoDaddy, but I see your last rule doesn't have it. Remove the "/" in front of index.php for all rules and you should be good to go.
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Johan André[/eluser]
Correct me if I'm wrong, but doesn't CI limit the direct access to core-files if the constant BASE is not defined?
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]helloworldly[/eluser]
Yeah just seems like a path issue... this helped - isntead of giving a php error - it directs to the stylized 404 page. Though I thought it was to go to the index.php and display the home page...
Just a path issue i guess...
Suggested .htaccess rewrite is not hiding system folder - El Forum - 01-11-2010
[eluser]Rick Jolly[/eluser]
[quote author="helloworldly" date="1263270474"]Yeah just seems like a path issue... this helped - isntead of giving a php error - it directs to the stylized 404 page. Though I thought it was to go to the index.php and display the home page...
Just a path issue i guess...[/quote]
Expected behavior. If you typed example.com/fsdfjsdlfjj you'd get the 404 page. If the url can't be resolved to a controller/method, then 404.