Super .htaccess file |
[eluser]Xeoncross[/eluser]
Well, I just wasn't happy with the default .htaccess file that is provided in the Doc's. So here is a more complex version that will keep people from accessing things like: http://site.com/system/application/views...essage.php Which can be accessed with the unsafe default .htaccess file. Code: # Deny OR Allow Folder Indexes. With this file even valid links to .php files are blocked and you don't have to make any more annoying index.html files that say "Not Allowed". All CSS, IMG, JS, PDF, etc files are allowed AND you can enable Directory browsing (SVN) without worrying about people running your PHP files. Plus with this file you can block IP's or Referrer requests if you deal with dump bots that always come from the same place. If you are looking for a way to turn you site into an international sensation - then you might like something like this. Code: RewriteRule ^(.*)-fr$ http://www.google.com/translate_c?hl=fr&sl=en&u=http://site.com/$1 [R,NC] All you would need to do is add a a couple links on your pages with the variables "-fr" appended to the end of what ever URL is in the link and your set. Code: //View file
[eluser]RaZoR LeGaCy[/eluser]
this sounds like exactly what everyone needs to have. can we get some testing and comments on these? Thanx all
[eluser]Popcorn[/eluser]
The systems folder should be outside of the web root and not publicly accessible. You would not run into the issue you are describing then.
[eluser]Xeoncross[/eluser]
@RaZoR LaGaCy: Thanks, I know a lot of people block things like bad bots from within PHP scripts - but why even let them get that far? Or maybe you don't like to see the "www." in your url and want that removed. I would love to see others test this. So far I haven't found any problems... @Popcorn: This file covers more than just moving the system folder - but I see your point. I personally left the "system" folder where it was and just moved the "application" folder. However, for people who wish to leave the default folder setup the way it is (and not worry about moving stuff around) this file takes care of that while still allowing something like SVN or a "downloads" folder to be accessed/browsed without threat to your system.
[eluser]Bramme[/eluser]
so with the current comments, your URL includes the www. ? I'll try this one out edit: Okay, stupid me. I run my application from a subdomain while in development. My screen is now blank and I forgot to backup my old .htaccess in my rush to test this one.
[eluser]Xeoncross[/eluser]
darn, lol. I did that with a config file a couple of times %-P
[eluser]Bramme[/eluser]
Okay, note: the blank screen isn't the .htaccess file's fault. It's my host being shit again.
[eluser]Xeoncross[/eluser]
For developing, install wampserver or Xampp so you don't have to mess with anyone else's junk.
[eluser]Maxximus[/eluser]
Okay, you might want to add: Code: <ifModule mod_expires.c> mod_expires adds an expires tag to the mentioned files, so it will be user-cached for quite some time (one year to be exact ). mod_deflate will use deflate (gzip-like) for the mentioned types, even you did not set it up in PHP or CI. Really fast and safe way, and your JS/CSS will be gzipped (deflated) as a bonus. FileETag is useless according to Yahoo (not true), but the mod_expires will make sure user-caching is used. The above will make YSlow very happy (and actually will help lowering your traffic a lot), provided that you will enable these modules in your Apache config of course.
[eluser]MCrittenden[/eluser]
Just wanted to point out that a few hosts don't allow users to move anything above the web root, so this would serve as a good alternative answer to the problem of directly accessing things like views. |
Welcome Guest, Not a member yet? Register Sign In |