Super .htaccess file
#1

[eluser]Xeoncross[/eluser]
Well, I just wasn't happy with the default .htaccess file that is provided in the docs. So here is a more complex version that will keep people from accessing things like:
http://site.com/system/application/views...essage.php
Which can be accessed with the unsafe default .htaccess file.

Code:
# Deny OR Allow Folder Indexes.
# Since we disable access to PHP files you
# can leave this on without worries.
# OR better yet, create a .htaccess file in
# the dir you want to allow browsing and
# set it to +Indexes
Options -Indexes

Options +FollowSymLinks

# Set the default file for indexes
DirectoryIndex index.php

<IfModule mod_rewrite.c>
    # mod_rewrite rules
    RewriteEngine on

    # The RewriteBase of the system (if you are using this system in a sub-folder).
    # RewriteBase /CodeIgniter_1.6.3/
    
    # This will make the site only accessible without the "www."
    # (which will keep the subdomain-sensitive config file happy)
    # If you want the site to be accessed WITH the "www."
    # comment-out the following two lines.
    # RewriteCond %{HTTP_HOST} ^www\.site\.com$ [NC]
    # RewriteRule ^(.*)$ http://site.com/$1 [L,R=301]
    
    # If a controller can't be found - then issue a 404 error from PHP
    # Error messages (via the "error" plugin)
    # ErrorDocument 403 /index.php/403/
    # ErrorDocument 404 /index.php/404/
    # ErrorDocument 500 /index.php/500/
    
    # Deny any people (or bots) from the following sites: (to stop spam comments)
    # RewriteCond %{HTTP_REFERER} nienschanz\.ru [NC,OR]
    # RewriteCond %{HTTP_REFERER} porn\.com
    # RewriteRule .* - [F]
    # Note: if you are having trouble from a certain URL just
    # add it above to forbid all visitors from that site.

    # You can also uncomment this if you know the IP:
    # Deny from 192.168.1.1
    
    # If the file is NOT the index.php file
    RewriteCond %{REQUEST_FILENAME} !index.php
    # Hide all PHP files so none can be accessed by HTTP
    RewriteRule (.*)\.php$ index.php/$1
    
    # If the file/dir is NOT real go to index
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [QSA,L]
    
</IfModule>

# If mod_rewrite is NOT installed go to index.php
# (the target needs a leading slash; without it Apache treats the value as a literal message)
<IfModule !mod_rewrite.c>
    ErrorDocument 404 /index.php
</IfModule>

With this file even valid links to .php files are blocked and you don't have to make any more annoying index.html files that say "Not Allowed". All CSS, IMG, JS, PDF, etc. files are allowed AND you can enable Directory browsing (SVN) without worrying about people running your PHP files. Plus with this file you can block IPs or Referrer requests if you deal with dump bots that always come from the same place.


If you are looking for a way to turn your site into an international sensation - then you might like something like this.

Code:
RewriteRule ^(.*)-fr$ http://www.google.com/translate_c?hl=fr&sl=en&u=http://site.com/$1 [R,NC]
RewriteRule ^(.*)-de$ http://www.google.com/translate_c?hl=de&sl=en&u=http://site.com/$1 [R,NC]
RewriteRule ^(.*)-es$ http://www.google.com/translate_c?hl=es&sl=en&u=http://site.com/$1 [R,NC]
RewriteRule ^(.*)-it$ http://www.google.com/translate_c?hl=it&sl=en&u=http://site.com/$1 [R,NC]

All you would need to do is add a couple of links on your pages with the variable "-fr" appended to the end of whatever URL is in the link and you're set.

Code:
//View file
View Page in <a href="<?php print htmlspecialchars($this->uri->uri_string(), ENT_QUOTES); ?>-de">German</a>
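
An added example, not part of the original post: a small Python model of the "hide all PHP files" rule above, showing which request paths the posted `RewriteCond %{REQUEST_FILENAME} !index.php` exempts compared with an anchored condition. The document root `/var/www/site`, the anchored pattern and the sample paths are assumptions constructed for illustration, and every requested file is assumed to exist on disk.

```python
import re

DOCROOT = "/var/www/site"  # hypothetical document root (assumption)

# Condition as posted: unanchored, and "." matches any character.
POSTED_COND = re.compile(r"index.php")
# Assumed tighter form: only the front controller in the document root.
ANCHORED_COND = re.compile(r"^" + re.escape(DOCROOT) + r"/index\.php$")
# Pattern of the posted rule: RewriteRule (.*)\.php$ index.php/$1
HIDE_RULE = re.compile(r"(.*)\.php$")


def decide(url_path, cond):
    """Return the rewrite target, or 'direct' if the hide rule does not fire."""
    rel = url_path.lstrip("/")        # per-directory rules see no leading slash
    filename = DOCROOT + "/" + rel    # stands in for %{REQUEST_FILENAME}
    match = HIDE_RULE.search(rel)
    if match is None:
        return "direct"               # not a .php request, rule pattern fails
    if cond.search(filename):
        return "direct"               # "!pattern" condition is false, rule skipped
    return "index.php/" + match.group(1)


# Constructed request paths, not taken from the thread.
SAMPLES = [
    "/index.php",
    "/css/site.css",
    "/system/application/views/sample_view.php",
    "/system/application/views/index.php",
    "/lib/reindex_php.php",
]


def compare():
    """Map each sample path to (posted result, anchored result)."""
    return {p: (decide(p, POSTED_COND), decide(p, ANCHORED_COND)) for p in SAMPLES}


if __name__ == "__main__":
    for path, (posted, anchored) in compare().items():
        print(f"{path:45} posted={posted:45} anchored={anchored}")
```

Any path whose filename contains `index`, one arbitrary character, then `php` is left reachable by the posted condition; the anchored form only exempts the front controller itself.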
#2

[eluser]RaZoR LeGaCy[/eluser]
this sounds like exactly what everyone needs to have.

can we get some testing and comments on these?

Thanx all
#3

[eluser]Popcorn[/eluser]
The systems folder should be outside of the web root and not publicly accessible. You would not run into the issue you are describing then.
#4

[eluser]Xeoncross[/eluser]
@RaZoR LeGaCy: Thanks, I know a lot of people block things like bad bots from within PHP scripts - but why even let them get that far? Or maybe you don't like to see the "www." in your url and want that removed. I would love to see others test this. So far I haven't found any problems...

@Popcorn: This file covers more than just moving the system folder - but I see your point. I personally left the "system" folder where it was and just moved the "application" folder. However, for people who wish to leave the default folder setup the way it is (and not worry about moving stuff around) this file takes care of that while still allowing something like SVN or a "downloads" folder to be accessed/browsed without threat to your system.
#5

[eluser]Bramme[/eluser]
so with the current comments, your URL includes the www. ?

I'll try this one out ;)

edit: Okay, stupid me. I run my application from a subdomain while in development. My screen is now blank and I forgot to backup my old .htaccess in my rush to test this one.
#6

[eluser]Xeoncross[/eluser]
darn, lol.

I did that with a config file a couple of times %-P
#7

[eluser]Bramme[/eluser]
Okay, note: the blank screen isn't the .htaccess file's fault. It's my host being shit again.
#8

[eluser]Xeoncross[/eluser]
For developing, install wampserver or Xampp so you don't have to mess with anyone else's junk.
#9

[eluser]Maxximus[/eluser]
Okay, you might want to add:
Code:
<IfModule mod_expires.c>
    <FilesMatch "\.(ico|flv|jpg|jpeg|png|gif|js|css|swf)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 year"
    </FilesMatch>
</IfModule>

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/xhtml text/html text/plain text/xml text/javascript application/x-javascript text/css
</IfModule>

FileETag none

mod_expires adds an expires tag to the mentioned files, so it will be user-cached for quite some time (one year to be exact ;)).
mod_deflate will use deflate (gzip-like) for the mentioned types, even if you did not set it up in PHP or CI. Really fast and safe way, and your JS/CSS will be gzipped (deflated) as a bonus.

FileETag is useless according to Yahoo (not true), but the mod_expires will make sure user-caching is used.

The above will make YSlow very happy (and actually will help lowering your traffic a lot), provided that you will enable these modules in your Apache config of course.
#10

[eluser]MCrittenden[/eluser]
Just wanted to point out that a few hosts don't allow users to move anything above the web root, so this would serve as a good alternative answer to the problem of directly accessing things like views.



