[Revisited] Hiding PHP extension

R. Rajesh Jeba Anbiah wrote:

Sometimes ago I started a thread
<http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>

<Previous post>
I'm supposed to hide the php extension in a file (like Yahoo! or
Google). For example, http://foo.com/foo instead of
http://foo.com/foo.php. I have read various articles including
<http://in2.php.net/security.hiding > . Certainly mod_rewrite is not
the right option. In Apache, "file.php" & "file" are treated as same
(content negotiation??) and like to know, how reliable it is? Is there
any other options to do the same? TIA
</Previous post>
For mod_rewrite, if you want to have a URI of /foo do NOT have a file
called foo.php, or it will use that instead (depending on the Apache
setup). What you can do, however is to do something like:

RewriteRule ^foo/?$ foo_process_req uest.php

That way, you have your URI of /foo as well as a filename that may be
more specific to its task "foo_process_re quest.php"

Also, one of the rules I use look like:

RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]

That allows me to have URIs like:

/section
/section/
/section/page
/section/page/

That translate to requests like:

x.php?s=section &p=
x.php?s=section &p=
x.php?s=section &p=page
x.php?s=section &p=page

Then in x.php, you can call the correct include files based on the _GET
parameters.
At that time I was getting many answers. But, recently I have found
another suggestion in the 'net:

<FilesMatch "^([^\.]+)$">
ForceType application/x-httpd-php
</FilesMatch>
That forces all files without an extension to be a PHP file. Don't know
xactly what would happen if your request was a directory without the
trailing slash... One other thing to think of is what if you had a
request like /foo/ what happens then?
Source: http://forum.textpattern.com/viewtopic.php?id=184 and
http://www.devarticles.com/c/a/Apach...r-Page-URLs/1/

Any comments or any better ideas? TIA

I don't know what Zeus or IIS support is for FilesMathc, but I do know
that they both support mod_rewrite syntax (IIS uses something called
ISAPI_rewrite that would need to be installed). Because of this, I
continue to use mod_rewrite for portability's sake.

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

> At that time I was getting many answers. But, recently I have found

another suggestion in the 'net:

<FilesMatch "^([^\.]+)$">
ForceType application/x-httpd-php
</FilesMatch>

If you want to save yourself some time and a headache AND you don't mind
having all files under a directory read in as PHP files, you can create an
..htaccess file with the following line included:

ForceType application/x-httpd-php

Now, any file you create in that directory, whether or not it has an
extension or not, will be parsed as php code.

_______________ _______________ ______
Wil Moore III, MCP | Integrations Specialist

Justin Koivisto <sp**@koivi.com > wrote in message news:<aH******* ***********@new s7.onvoy.net>.. .

R. Rajesh Jeba Anbiah wrote:

Sometimes ago I started a thread
<http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com> <snip>

Also, one of the rules I use look like:

RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]

That allows me to have URIs like:

/section
/section/
/section/page
/section/page/

That translate to requests like:

x.php?s=section &p=
x.php?s=section &p=
x.php?s=section &p=page
x.php?s=section &p=page

Then in x.php, you can call the correct include files based on the _GET
parameters.

At that time I was getting many answers. But, recently I have found
another suggestion in the 'net:

<FilesMatch "^([^\.]+)$">
ForceType application/x-httpd-php
</FilesMatch>

That forces all files without an extension to be a PHP file. Don't know
xactly what would happen if your request was a directory without the
trailing slash... One other thing to think of is what if you had a
request like /foo/ what happens then?

Thanks for your comments. Yes, I understand the situation you're
referring. And if I'm right, there won't be any problem with such
directory requests.
Source: http://forum.textpattern.com/viewtopic.php?id=184 and
http://www.devarticles.com/c/a/Apach...r-Page-URLs/1/

Any comments or any better ideas? TIA

I don't know what Zeus or IIS support is for FilesMathc, but I do know
that they both support mod_rewrite syntax (IIS uses something called
ISAPI_rewrite that would need to be installed). Because of this, I
continue to use mod_rewrite for portability's sake.

It seems you're advocating mod_rewrite. Sometimes ago when I was
digging on this subject, I found a article which hinted performance
issue with mod_rewrite (but not sure really). The major problem (for
me) I have found with mod_rewrite is hardcoding of links and or a
mechanism to handle links as $_SERVER['PHP_SELF'] won't work.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com

<la*******@hotm ail.com> wrote in message news:<10******* ******@corp.sup ernews.com>...

At that time I was getting many answers. But, recently I have found
another suggestion in the 'net:

<FilesMatch "^([^\.]+)$">
ForceType application/x-httpd-php
</FilesMatch>

If you want to save yourself some time and a headache AND you don't mind
having all files under a directory read in as PHP files, you can create an
.htaccess file with the following line included:

ForceType application/x-httpd-php

Now, any file you create in that directory, whether or not it has an
extension or not, will be parsed as php code.

Thanks for your comments. I think, that will be much overhead for
the PHP parser as it will result in parsing all files (even .jpg,
..gif, .html, etc). Anyway, are you hinting that restricting the
parsing level with <FilesMatch "^([^\.]+)$"> is overhead?

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com

R. Rajesh Jeba Anbiah wrote:

Justin Koivisto <sp**@koivi.com > wrote in message news:<aH******* ***********@new s7.onvoy.net>.. .

R. Rajesh Jeba Anbiah wrote:

Sometimes ago I started a thread
<http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>

<snip>

Also, one of the rules I use look like:

RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]

That allows me to have URIs like:

/section
/section/
/section/page
/section/page/

That translate to requests like:

x.php?s=secti on&p=
x.php?s=secti on&p=
x.php?s=secti on&p=page
x.php?s=secti on&p=page

Then in x.php, you can call the correct include files based on the _GET
parameters.

It seems you're advocating mod_rewrite.

Hmm... I guess I am. ;)
Sometimes ago when I was
digging on this subject, I found a article which hinted performance
issue with mod_rewrite (but not sure really).
IME, the performance hit due to mod_rewrite is less than trying to do
the same thing with PHP, therefore, I don't worry about it. They key is
to get your rules written in a way where they aren't wasting extra
resources. (The use of RewriteCond and the flags L and NS are nice
little gems.)
The major problem (for
me) I have found with mod_rewrite is hardcoding of links and or a
mechanism to handle links as $_SERVER['PHP_SELF'] won't work.

I've ditched $_SERVER['PHP_SELF'] altogether quite a while agoin favor
of $_SERVER['REQUEST_URI']. I just remove trailing slashes and query
strings via:

$_SERVER['REQUEST_URI']=preg_replace('/\?.*/','',$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI']=preg_replace('/\/$/','',$_SERVER['REQUEST_URI']);

Then when I link or post a form, I'll use something like:

<form action="<?php echo $_SERVER['REQUEST_URI'] ?>/">

Of course, the other problem you may come across with mod_rewrite is
relative paths to images and other files. I take care of this through a
config.ini entry called "site_path" that may contain something like ""
or "/~myusername" Then all my images and anchor tags look similar to:

<img src="<?php echo $CFG['site_path'] ?>/images/img1.png">

--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.

Justin Koivisto <sp**@koivi.com > wrote in message news:<kC******* ***********@new s7.onvoy.net>.. .

R. Rajesh Jeba Anbiah wrote:

Sometimes ago I started a thread
<http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>

<snip>
It seems you're advocating mod_rewrite.

Hmm... I guess I am. ;)

Sometimes ago when I was
digging on this subject, I found a article which hinted performance
issue with mod_rewrite (but not sure really).

IME, the performance hit due to mod_rewrite is less than trying to do
the same thing with PHP, therefore, I don't worry about it. They key is
to get your rules written in a way where they aren't wasting extra
resources. (The use of RewriteCond and the flags L and NS are nice
little gems.)

The major problem (for
me) I have found with mod_rewrite is hardcoding of links and or a
mechanism to handle links as $_SERVER['PHP_SELF'] won't work.

I've ditched $_SERVER['PHP_SELF'] altogether quite a while agoin favor
of $_SERVER['REQUEST_URI']. I just remove trailing slashes and query
strings via:

$_SERVER['REQUEST_URI']=preg_replace('/\?.*/','',$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI']=preg_replace('/\/$/','',$_SERVER['REQUEST_URI']);

Then when I link or post a form, I'll use something like:

<form action="<?php echo $_SERVER['REQUEST_URI'] ?>/">

Of course, the other problem you may come across with mod_rewrite is
relative paths to images and other files. I take care of this through a
config.ini entry called "site_path" that may contain something like ""
or "/~myusername" Then all my images and anchor tags look similar to:

<img src="<?php echo $CFG['site_path'] ?>/images/img1.png">

Thanks Justin for your wonderful explanations. Now, I'm very
much convinced about mod_rewrite :-) Thanks a lot.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com