[eluser]Daniel Moore[/eluser]
It seems that many people are still having .htaccess issues, even as often as it is discussed on these forums. Looking at all the different posts, it seems that while one answer may resolve one person's issue, it may not address another person's issue.
Perhaps it's time to revisit the super .htaccess file once again that Xeoncross once submitted in these forums, but this time configure that .htaccess file to handle everyone's issue. It should be WAY over commented to make sure it is self-explanatory to even the most novice .htaccess users.
Most of us know, what works with most hosts does not work with GoDaddy accounts, and what works with GoDaddy may not work with BlueHost, and BlueHost may not work with DreamHost, etc. So, an .htaccess where you choose the lines you need is called for, along with explanations on how to choose and why. I encourage people to respond and help me fine tune the "comments" and the "code lines" until this is the perfect do-all and be-all for all hosting environments. Once completed and vetted thoroughly, I'll write up a tutorial that we can all link to when we need to guide newcomers, and it may even be handy for the seasoned people to refer back to once in a while.
Ok, here is the .htaccess file I have so far. Please feel free to comment/criticize/suggest additions/suggest removals. If you have a comment or suggestion, please be clear as to why you feel something should be changed, added, removed, along with a simple explanation that those who are novices can understand.
I'll have to break it up into multiple posts, as it is too long for one post.
Code: #-------------------------------------------------------------------------------
# CodeIgniter .htaccess file for the main index.php directory
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# If you must have your CI "system" directory at http://www.domain.tld/system/,
# Then I advise you to place a .htaccess file in that directory
# with "deny from all" in it.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Be sure to replace "domain.tld" with your actual domain and tld anywhere this
# appears in this file.
#-------------------------------------------------------------------------------
#-------------------------------------------------------------------------------
# Restore "allow from all" / I use a "deny from all" in some directory
# structures, especially where I am hosting multiple sub-domains that point to
# subdirectories of the main domain, this restores it.
#-------------------------------------------------------------------------------
#allow from all
#-------------------------------------------------------------------------------
# Turn off directory listings for increased security
#-------------------------------------------------------------------------------
Options -Indexes
#-------------------------------------------------------------------------------
# Turn on following symbolic links.
#-------------------------------------------------------------------------------
Options +FollowSymLinks
#-------------------------------------------------------------------------------
# Some web servers require this for index.php to be removed properly. You may
# try your .htaccess with or without the following line.
# Most work fine with it.
#-------------------------------------------------------------------------------
Options -MultiViews
#-------------------------------------------------------------------------------
# Make index.php the directory index page
#-------------------------------------------------------------------------------
DirectoryIndex index.php
to be continued...
[eluser]Daniel Moore[/eluser]
continued from previous post...
paste this to the end of the previous code block.
Code: #-------------------------------------------------------------------------------
# Always make sure mod_rewrite is installed before using.
# If you are on a Linux server, uncomment the line with mod_rewrite.c
# If on a Windows server using XAMPP, uncomment the line with mod_rewrite.so
#-------------------------------------------------------------------------------
<IfModule mod_rewrite.c>
#<IfModule mod_rewrite.so>
#-----------------------------------------------------------------------------
# Turn on the RewriteEngine
#-----------------------------------------------------------------------------
RewriteEngine on
#-----------------------------------------------------------------------------
# Set the base directory where the application root is located.
#-----------------------------------------------------------------------------
# If your application is at http://www.domain.tld/path/to/CI_Application/
# then uncomment the following line. Change /path/to/CI_Application/ to the
# actual URL path not including the domain.tld (or localhost).
# This includes using a subdirectory on localhost, like
# http://localhost/path/to/CI_Application/
#RewriteBase /path/to/CI_Application/
# If your application is at http://www.domain.tld/ (or is http://localhost/)
# then uncomment the following line.
RewriteBase /
#-----------------------------------------------------------------------------
# The following 2 lines will force a www.prefix. If you want to make sure
# your site always displays the www subdomain, then uncomment the following
# 2 lines.
#-----------------------------------------------------------------------------
#RewriteCond %{HTTP_HOST} !^www\.domain\.tld$ [NC]
#RewriteRule ^(.*)$ http://www.domain.tld/$1 [R=301,L]
#-----------------------------------------------------------------------------
# The following 2 lines will remove a www prefix. If you wish to remove the
# www and always have http://domain.tld instead of http://www.domain.tld
# then uncomment the following 2 lines.
#-----------------------------------------------------------------------------
#RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
#RewriteRule ^(.*)$ http://domain.tld/$1 [L,R=301]
#-----------------------------------------------------------------------------
# If a controler can't be found - then issue a 404 error from PHP
# Error messages (via the "error" plugin)
#-----------------------------------------------------------------------------
#ErrorDocument 403 /index.php/403/
#ErrorDocument 404 /index.php/404/
#ErrorDocument 500 /index.php/500/
#-----------------------------------------------------------------------------
# Deny any people (or bots) from the following sites: (to stop spam comments)
#-----------------------------------------------------------------------------
#RewriteCond %{HTTP_REFERER} nienschanz\.ru [NC,OR]
#RewriteCond %{HTTP_REFERER} porn\.com
#RewriteRule .* - [F]
# NOTE: If you are having trouble from a certain URL just
# add it above to forbid all visitors from that site.
#-----------------------------------------------------------------------------
# You can also uncomment this if you know the IP:
# Just place the IP address you wish to deny here.
# You may use multiple IP addresses separated by a space.
# You may also use a domain, tld, or a part thereof.
# Deny from 192.168.1.1 127.0.0.1
# Deny from .net example.com
# The above will deny from example.com and from all .net locations.
#-----------------------------------------------------------------------------
#Deny from 192.168.1.1
#-----------------------------------------------------------------------------
# METHOD #1 of HIDING PHP FILES. (There is an alternate method further down.)
# If the file is NOT the index.php file then
# Hide all PHP files so none can be accessed by HTTP.
# This may not be desirable in all cases.
#-----------------------------------------------------------------------------
#RewriteCond %{REQUEST_FILENAME} !index.php
#RewriteRule (.*)\.php$ index.php/$1
#-----------------------------------------------------------------------------
# The following lines begin the conditional setup for removing index.php
# Use either METHOD #1 or METHOD #2, but not both.
#-----------------------------------------------------------------------------
# METHOD #1
# If you want to redirect all files and directories that do not exist (404)
# then use the following 2 statements. This is how
# http://domain.tld/controller/ is redirected to http://domain.tld/index.php
# because /controller/ doesn't really exist, so now CI can use the URL to
# call the correct controller. This is the standard and default method.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
to be continued...
[eluser]Daniel Moore[/eluser]
Again, continued... Final part. Paste all 3 code segments to make one super .htaccess file.
Sorry for the long comments, they are for the novices to help them learn.
You can trim down your copy of it for your own use easy enough.
Code: # METHOD #2
# If you want to redirect all files/directories that are not a request
# for the following:
# index.php, robots.txt, favicon.ico, /public/, /img/, /css/, /js/
# then use the following statement.
# If you have other applications that are non-CI integrated into your site,
# Like a third-party forum or blog, then this will disable it. Do not
# use if you need to call third-party PHP files.
#RewriteCond $1 !^(index\.php|public|img|css|js|robots\.txt|favicon\.ico)
# ADDITIONAL REWRITE CONDITION: This may be used in addition to one of the
# above METHODs.
# METHOD #2 of HIDING PHP FILES: This is to be used exclusively of the
# method #1 of hiding PHP files listed above. Do not use both methods.
# Explanation: If you would like to hide all PHP files so none can be
# accessed by HTTP, then use the following line.
# NOTE: If you have other applications that are non-CI integrated into your
# site, like a third-party forum or blog, then this will disable it. Do not
# use if you need to call third-party PHP files.
# If you need heightened security against use of PHP files, see my tutorial
# on how to properly protect your directories.
# NOTE: I have not personally tested this condition yet. If you have tested
# it and verified it works or does not work, please contact me and tell me
# about it. http://www.danielwmoore.com/contact.
#RewriteCond %{REQUEST_FILENAME}\.php -f [NC]
#-----------------------------------------------------------------------------
# use the following line if CI is in the root of the URL.
# You may need to use index.php/$1 or index.php?/$1
# Try it with or without the ? after index.php to see which works for you.
# GoDaddy accounts require the ?
# My localhost with XAMPP on Windows also requires the ?
# Most hosts work correctly without the ?, so try it without first unless
# you know your host requires it. It is placed here so you will know where
# it goes in case you need it.
# [NC] = no case - case insensitive
# [L] = Last rule, last rewrite for this set of conditions
# [QSA] = Query String Append, should be used to prevent all redirects from
# going to your default controller, which happens on some server
# configurations.
#-----------------------------------------------------------------------------
#RewriteRule ^(.*)$ index.php?/$1 [NC,L,QSA]
RewriteRule ^(.*)$ index.php/$1 [NC,L,QSA]
#-----------------------------------------------------------------------------
# use the following if CI is in a sub-directory, and place this
# file IN that subdirectory.
# If your CI Application is at http://www.domain.tld/CI_Application/
# Replace 'CI_Application' with the name of the sub-directory.
# Try it with or without the ? after index.php to see which works for you.
# See above for the reasons for the '?'.
# Be sure that this matches the RewriteBase above.
# [NC] = no case - case insensitive
# [L] = Last rule, last rewrite for this set of conditions
# [QSA] = Query String Append, should be used to prevent all redirects from
# going to your default controller, which happens on some server
# configurations.
#-----------------------------------------------------------------------------
#RewriteRule ^(.*)$ CI_Application/index.php?/$1 [NC,L,QSA]
#RewriteRule ^(.*)$ CI_Application/index.php/$1 [NC,L,QSA]
#-------------------------------------------------------------------------------
# Don't forget to end the IfModule check for the rewrite engine.
#-------------------------------------------------------------------------------
</IfModule>
#-------------------------------------------------------------------------------
# If Mod_rewrite is NOT installed go to index.php
# Remember to use mod_rewrite.c for Linux and mod_rewrite.so for Windows.
#-------------------------------------------------------------------------------
<IfModule !mod_rewrite.c>
#<IfModule !mod_rewrite.so>
ErrorDocument 404 index.php
</IfModule>
Now that it's posted, please suggest anything that needs to be changed, added, improved, removed, etc.
I'll put the tutorial up (not in the forum, as the posts would be too long) and post a link when the discussion on this shows it's passed everyone's approval. Pleasing everyone is nearly impossible, but it is what I'm attempting with this .htaccess file.
The entire .htaccess file is at http://www.danielwmoore.com/remove_index...odeigniter to make it easier to copy.
The .htaccess file at http://www.danielwmoore.com/remove_index...odeigniter will always be the most up-to-date copy, and there will be additional instructions there on configuring CI for removing the index.php.
[eluser]Colin Williams[/eluser]
You should use either:
Code: RewriteCond $1 !^(index\.php|public|img|css|js|robots\.txt|favicon\.ico)
or
Code: RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
It's redundant to use both
Also, you've repeated a section twice.
[eluser]wiredesignz[/eluser]
[quote author="Colin Williams" date="1240145770"]You should use either:
Code: RewriteCond $1 !^(index\.php|public|img|css|js|robots\.txt|favicon\.ico)
or
Code: RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
It's redundant to use both[/quote]
Colin is correct with this, use one method or the other, not both.
Also bear in mind that the latter choice may cause CI to run your application more than once if any resource's cannot be found. ie: missing css files or images therein.
[eluser]Daniel Moore[/eluser]
[quote author="Colin Williams" date="1240145770"]You should use either:
Code: RewriteCond $1 !^(index\.php|public|img|css|js|robots\.txt|favicon\.ico)
or
Code: RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
It's redundant to use both
[/quote]
Thank you, I've gone back and documented each method and explain why someone would want to use either choice, and it now gives them a choice as in other areas.
[quote author="Colin Williams" date="1240145770"]
Also, you've repeated a section twice.[/quote]
Please point out exactly what section is repeated twice. I don't see it.
If you're talking about:
Code: #-----------------------------------------------------------------------------
# The following 2 lines will force a www.prefix. If you want to make sure
# your site always displays the www subdomain, then uncomment the following
# 2 lines.
#-----------------------------------------------------------------------------
#RewriteCond %{HTTP_HOST} !^www\.domain\.tld$ [NC]
#RewriteRule ^(.*)$ http://www.domain.tld/$1 [R=301,L]
#-----------------------------------------------------------------------------
# The following 2 lines will remove a www prefix. If you wish to remove the
# www and always have http://domain.tld instead of http://www.domain.tld
# then uncomment the following 2 lines.
#-----------------------------------------------------------------------------
#RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
#RewriteRule ^(.*)$ http://domain.tld/$1 [R=301,L]
This is not repeating. One section forces "www." and the other section removes "www.".
[eluser]Xeoncross[/eluser]
Thank you for taking the time to re-document this file. I know that when I was first starting out I needed lots of help in understanding the different ways .htaccess could help with my sites.
Also, regarding hiding the PHP files I think that there is a better way to do it. The goal is to hide anything that contains a ___.php at the end (or whatever ext you use) so something like this might be better.
Code: # If the file/dir is not real
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Or if they are trying to access a PHP file
# (Hide all PHP files so none can be accessed by HTTP)
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ index.php?/$1 [QSA,L]
Of course, I have not tested this method yet, but you get the idea.
[eluser]Daniel Moore[/eluser]
@Xeoncross: I'll have to test that method tomorrow. I'm out of town today, so don't have access to my computer to test. I personally don't have any reason to hide all .php files, since any .php files I have beside the main index.php reside in a directory with a "deny from all" .htaccess file, which I think is the best and safest method.
I'll look into that method tomorrow and try to give the time to test it thoroughly.
[eluser]Xeoncross[/eluser]
[quote author="Daniel Moore" date="1240194688"]I personally don't have any reason to hide all .php files, since any .php files I have beside the main index.php reside in a directory with a "deny from all" .htaccess file, which I think is the best and safest method.[/quote]
Unfortunately, the majority of the world uses shared-hosting so they don't have that option. I even use it for some of my projects. ;-)
:EDIT: sorry, I didn't fully read that comment.
[eluser]Colin Williams[/eluser]
Yep, Daniel. I was talking about that bit. My bad. This is a great resource you have provided.
|