Suggested .htaccess rewrite is not hiding system folder |
[eluser]helloworldly[/eluser]
I'm using the suggested modrewrite rules which work great in removing index.php from the url but do not also remove access to the system folder as it suggests it should: (From Codeigniter wiki: http://codeigniter.com/wiki/mod_rewrite/) I also have config/config.php set as suggested with: $config['index_page'] = ""; $config['uri_protocol'] = "QUERY_STRING"; Everything works fine locally using MAMP and remotely using GoDaddy server re: removing index.php from the url, but I am still able to view the system folder and its contents on both MAMP and GoDaddy. So, as an example, going to http://example.com/folderWhereFullAppRes...e_view.php will display the view contents rather than redirecting to app's index.php as htaccess implies it should. As an alternative to using htaccess rules: I'd love to move the system outside the public www view, but that is not possible with GoDaddy from what I can see and so am bound to using .htaccess rules. Seems this part of the suggested htaccess file is not functioning as intended in my environments: #Removes access to the system folder by users. #Additionally this will allow you to create a System.php controller, #previously this would not have been possible. #'system' can be replaced if you have renamed your system folder. RewriteCond %{REQUEST_URI} ^system.* RewriteRule ^(.*)$ /index.php?/$1 [L] If it matters: the client is using the "deluxe" GoDaddy setup where multiple domains / sites can be hosted from 1 account. Any thoughts? Thanks much.
[eluser]Rick Jolly[/eluser]
You could try this and make sure it is above any other rules. Code: RewriteCond $1 ^system [NC] Edit: removed the not ("!")
[eluser]helloworldly[/eluser]
Thanks Rick. Yes, it's preventing access to system folder now, though it couldn't find the index.php: "The requested URL /index.php was not found on this server." So originally it was: RewriteCond %{REQUEST_URI} ^system.* RewriteRule ^(.*)$ /index.php?/$1 [L] And you added this similar rule above other rules: RewriteCond $1 ^system [NC] RewriteRule ^(.*)$ /index.php?/$1 [L] What's the difference between the two? Why would two rules be needed? Thanks Rick!
[eluser]Rick Jolly[/eluser]
Well that can't be your only rule, or all urls besides those starting with "system" wouldn't work. For example, you could use rules that look something like this: Code: RewriteCond $1 ^system [NC] Quote:What’s the difference between the two? For you, probably nothing. But I think it is better to not use REQUEST_URI in .htaccess if your RewriteBase is a subdirectory - which apparently doesn't apply to you. Otherwise you'd have to include your subdirectory before the "system" in the REQUEST_URI RewriteCond. It's a subtle difference and only applies if you are working in a subdirectory and using .htaccess. So I don't think the rewrite rule by itself was the problem. I suspect some other rule above it matched so that rule wasn't executed. The [L] means last - "if this rule matched, don't execute another". Quote:Why would two rules be needed?One rule must match, or your script won't be found.
[eluser]Rick Jolly[/eluser]
If you are not aware, on most hosts you move your system directory above the web root so that it cannot be accessed through a url. Also, as opposed to sending requests to "system" through CI, you could just disallow those requests entirely.
[eluser]helloworldly[/eluser]
Quote:"If you are not aware, on most hosts you move your system directory above the web root so that it cannot be accessed through a url." Yeah I wish Go Daddy gave me that freedom but they don't. At least not on the plan my client has -- or not that I can see anyway. Re: my htaccess - i had the exact copy of the recommended htaccess from that codeigniter wiki post i linked to in my first post. The only difference wasthat i commented out the rewritebase: Code: <IfModule mod_rewrite.c>
[eluser]Rick Jolly[/eluser]
Notice the "/" before index.php on the first 2 rules? I thought that was specific to GoDaddy, but I see your last rule doesn't have it. Remove the "/" in front of index.php for all rules and you should be good to go.
[eluser]Johan André[/eluser]
Correct me if I'm wrong, but doesn't CI limit the direct access to core-files if the constant BASE is not defined?
[eluser]helloworldly[/eluser]
Yeah just seems like a path issue... this helped - isntead of giving a php error - it directs to the stylized 404 page. Though I thought it was to go to the index.php and display the home page... Just a path issue i guess...
[eluser]Rick Jolly[/eluser]
[quote author="helloworldly" date="1263270474"]Yeah just seems like a path issue... this helped - isntead of giving a php error - it directs to the stylized 404 page. Though I thought it was to go to the index.php and display the home page... Just a path issue i guess...[/quote] Expected behavior. If you typed example.com/fsdfjsdlfjj you'd get the 404 page. If the url can't be resolved to a controller/method, then 404. |
Welcome Guest, Not a member yet? Register Sign In |