Sometimes ago I started a thread
<http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>
<Previous post>
I'm supposed to hide the php extension in a file (like Yahoo! or
Google). For example, http://foo.com/foo instead of http://foo.com/foo.php. I have read various articles including
<http://in2.php.net/security.hiding > . Certainly mod_rewrite is not
the right option. In Apache, "file.php" & "file" are treated as same
(content negotiation??) and like to know, how reliable it is? Is there
any other options to do the same? TIA
</Previous post>
At that time I was getting many answers. But, recently I have found
another suggestion in the 'net:
<FilesMatch "^([^\.]+)$">
ForceType application/x-httpd-php
</FilesMatch>
Source: http://forum.textpattern.com/viewtopic.php?id=184 and http://www.devarticles.com/c/a/Apach...r-Page-URLs/1/
Any comments or any better ideas? TIA
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com 6 2544
R. Rajesh Jeba Anbiah wrote: Sometimes ago I started a thread <http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>
<Previous post> I'm supposed to hide the php extension in a file (like Yahoo! or Google). For example, http://foo.com/foo instead of http://foo.com/foo.php. I have read various articles including <http://in2.php.net/security.hiding > . Certainly mod_rewrite is not the right option. In Apache, "file.php" & "file" are treated as same (content negotiation??) and like to know, how reliable it is? Is there any other options to do the same? TIA </Previous post>
For mod_rewrite, if you want to have a URI of /foo do NOT have a file
called foo.php, or it will use that instead (depending on the Apache
setup). What you can do, however is to do something like:
RewriteRule ^foo/?$ foo_process_req uest.php
That way, you have your URI of /foo as well as a filename that may be
more specific to its task "foo_process_re quest.php"
Also, one of the rules I use look like:
RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]
That allows me to have URIs like:
/section
/section/
/section/page
/section/page/
That translate to requests like:
x.php?s=section &p=
x.php?s=section &p=
x.php?s=section &p=page
x.php?s=section &p=page
Then in x.php, you can call the correct include files based on the _GET
parameters.
At that time I was getting many answers. But, recently I have found another suggestion in the 'net:
<FilesMatch "^([^\.]+)$"> ForceType application/x-httpd-php </FilesMatch>
That forces all files without an extension to be a PHP file. Don't know
xactly what would happen if your request was a directory without the
trailing slash... One other thing to think of is what if you had a
request like /foo/ what happens then?
Source: http://forum.textpattern.com/viewtopic.php?id=184 and http://www.devarticles.com/c/a/Apach...r-Page-URLs/1/
Any comments or any better ideas? TIA
I don't know what Zeus or IIS support is for FilesMathc, but I do know
that they both support mod_rewrite syntax (IIS uses something called
ISAPI_rewrite that would need to be installed). Because of this, I
continue to use mod_rewrite for portability's sake.
--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.
> At that time I was getting many answers. But, recently I have found another suggestion in the 'net:
<FilesMatch "^([^\.]+)$"> ForceType application/x-httpd-php </FilesMatch>
If you want to save yourself some time and a headache AND you don't mind
having all files under a directory read in as PHP files, you can create an
..htaccess file with the following line included:
ForceType application/x-httpd-php
Now, any file you create in that directory, whether or not it has an
extension or not, will be parsed as php code.
_______________ _______________ ______
Wil Moore III, MCP | Integrations Specialist
Justin Koivisto <sp**@koivi.com > wrote in message news:<aH******* ***********@new s7.onvoy.net>.. . R. Rajesh Jeba Anbiah wrote:
Sometimes ago I started a thread <http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>
<snip> Also, one of the rules I use look like:
RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]
That allows me to have URIs like:
/section /section/ /section/page /section/page/
That translate to requests like:
x.php?s=section &p= x.php?s=section &p= x.php?s=section &p=page x.php?s=section &p=page
Then in x.php, you can call the correct include files based on the _GET parameters.
At that time I was getting many answers. But, recently I have found another suggestion in the 'net:
<FilesMatch "^([^\.]+)$"> ForceType application/x-httpd-php </FilesMatch>
That forces all files without an extension to be a PHP file. Don't know xactly what would happen if your request was a directory without the trailing slash... One other thing to think of is what if you had a request like /foo/ what happens then?
Thanks for your comments. Yes, I understand the situation you're
referring. And if I'm right, there won't be any problem with such
directory requests.
Source: http://forum.textpattern.com/viewtopic.php?id=184 and http://www.devarticles.com/c/a/Apach...r-Page-URLs/1/
Any comments or any better ideas? TIA
I don't know what Zeus or IIS support is for FilesMathc, but I do know that they both support mod_rewrite syntax (IIS uses something called ISAPI_rewrite that would need to be installed). Because of this, I continue to use mod_rewrite for portability's sake.
It seems you're advocating mod_rewrite. Sometimes ago when I was
digging on this subject, I found a article which hinted performance
issue with mod_rewrite (but not sure really). The major problem (for
me) I have found with mod_rewrite is hardcoding of links and or a
mechanism to handle links as $_SERVER['PHP_SELF'] won't work.
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
<la*******@hotm ail.com> wrote in message news:<10******* ******@corp.sup ernews.com>... At that time I was getting many answers. But, recently I have found another suggestion in the 'net:
<FilesMatch "^([^\.]+)$"> ForceType application/x-httpd-php </FilesMatch>
If you want to save yourself some time and a headache AND you don't mind having all files under a directory read in as PHP files, you can create an .htaccess file with the following line included:
ForceType application/x-httpd-php
Now, any file you create in that directory, whether or not it has an extension or not, will be parsed as php code.
Thanks for your comments. I think, that will be much overhead for
the PHP parser as it will result in parsing all files (even .jpg,
..gif, .html, etc). Anyway, are you hinting that restricting the
parsing level with <FilesMatch "^([^\.]+)$"> is overhead?
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
R. Rajesh Jeba Anbiah wrote: Justin Koivisto <sp**@koivi.com > wrote in message news:<aH******* ***********@new s7.onvoy.net>.. .R. Rajesh Jeba Anbiah wrote:
Sometimes ago I started a thread <http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com> <snip>
Also, one of the rules I use look like:
RewriteRule ^([^/]+)(/([^/]+))?/?$ x.php?s=$1&p=$3 [L,NS,QSA]
That allows me to have URIs like:
/section /section/ /section/page /section/page/
That translate to requests like:
x.php?s=secti on&p= x.php?s=secti on&p= x.php?s=secti on&p=page x.php?s=secti on&p=page
Then in x.php, you can call the correct include files based on the _GET parameters.
It seems you're advocating mod_rewrite.
Hmm... I guess I am. ;)
Sometimes ago when I was digging on this subject, I found a article which hinted performance issue with mod_rewrite (but not sure really).
IME, the performance hit due to mod_rewrite is less than trying to do
the same thing with PHP, therefore, I don't worry about it. They key is
to get your rules written in a way where they aren't wasting extra
resources. (The use of RewriteCond and the flags L and NS are nice
little gems.)
The major problem (for me) I have found with mod_rewrite is hardcoding of links and or a mechanism to handle links as $_SERVER['PHP_SELF'] won't work.
I've ditched $_SERVER['PHP_SELF'] altogether quite a while agoin favor
of $_SERVER['REQUEST_URI']. I just remove trailing slashes and query
strings via:
$_SERVER['REQUEST_URI']=preg_replace('/\?.*/','',$_SERVER['REQUEST_URI']);
$_SERVER['REQUEST_URI']=preg_replace('/\/$/','',$_SERVER['REQUEST_URI']);
Then when I link or post a form, I'll use something like:
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>/">
Of course, the other problem you may come across with mod_rewrite is
relative paths to images and other files. I take care of this through a
config.ini entry called "site_path" that may contain something like ""
or "/~myusername" Then all my images and anchor tags look similar to:
<img src="<?php echo $CFG['site_path'] ?>/images/img1.png">
--
Justin Koivisto - sp**@koivi.com
PHP POSTERS: Please use comp.lang.php for PHP related questions,
alt.php* groups are not recommended.
Justin Koivisto <sp**@koivi.com > wrote in message news:<kC******* ***********@new s7.onvoy.net>.. . R. Rajesh Jeba Anbiah wrote:
Sometimes ago I started a thread <http://groups.google.c om/groups?threadm= abc4d8b8.040401 2208.76ebdba7%4 0posting.google .com>
<snip>
It seems you're advocating mod_rewrite.
Hmm... I guess I am. ;)
Sometimes ago when I was digging on this subject, I found a article which hinted performance issue with mod_rewrite (but not sure really).
IME, the performance hit due to mod_rewrite is less than trying to do the same thing with PHP, therefore, I don't worry about it. They key is to get your rules written in a way where they aren't wasting extra resources. (The use of RewriteCond and the flags L and NS are nice little gems.)
The major problem (for me) I have found with mod_rewrite is hardcoding of links and or a mechanism to handle links as $_SERVER['PHP_SELF'] won't work.
I've ditched $_SERVER['PHP_SELF'] altogether quite a while agoin favor of $_SERVER['REQUEST_URI']. I just remove trailing slashes and query strings via:
$_SERVER['REQUEST_URI']=preg_replace('/\?.*/','',$_SERVER['REQUEST_URI']); $_SERVER['REQUEST_URI']=preg_replace('/\/$/','',$_SERVER['REQUEST_URI']);
Then when I link or post a form, I'll use something like:
<form action="<?php echo $_SERVER['REQUEST_URI'] ?>/">
Of course, the other problem you may come across with mod_rewrite is relative paths to images and other files. I take care of this through a config.ini entry called "site_path" that may contain something like "" or "/~myusername" Then all my images and anchor tags look similar to:
<img src="<?php echo $CFG['site_path'] ?>/images/img1.png">
Thanks Justin for your wonderful explanations. Now, I'm very
much convinced about mod_rewrite :-) Thanks a lot.
--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: R. Rajesh Jeba Anbiah |
last post by:
I'm supposed to hide the php extension in a file (like Yahoo! or
Google). For example, http://foo.com/foo instead of
http://foo.com/foo.php. I have read various articles including
<http://in2.php.net/security.hiding> . Certainly mod_rewrite is not
the right option. In Apache, "file.php" & "file" are treated as same
(content negotiation??) and like to know, how reliable it is? Is there
any other options to do the same? TIA
--...
|
by: Chris Reedy |
last post by:
For everyone -
Apologies for the length of this message. If you don't want to look
at the long example, you can skip to the end of the message.
And for the Python gurus among you, if you can spare the time, I
would appreciate any comments (including words like evil and disgusting,
if you think they are applicable :-}) on the example here.
Kenny -
|
by: djw |
last post by:
Hi, Folks-
I have a question regarding the "proper" use of try: finally:... Consider
some code like this:
d = Device.open()
try:
d.someMethodThatCanRaiseError(...)
if SomeCondition:
raise Error # Error is subclass of Exception
|
by: Kay Schluehr |
last post by:
Hi all,
thanks for Your attention !
I think my proposal was more in mind of Rons modified exec than
Pythons lambda.
When George proposed his unpacking behavoir for list-comps as a pack of
suggar:
|
by: Pjotr Wedersteers |
last post by:
I am new to J(ava)Script, use PHP a lot and consider moving some stuff for a
project over to the client side. Problem is part of the PHP code is
copyrighted and the author would not be happy to see his work made available
to the world. Guess he is entitled to that opinion.
Is it possible to hide javascript and/or html data from the user or is the
only way to make it hard to get by obscuring it through removing
indentation, variable...
| |
by: Dennis |
last post by:
I have a class named myclass that inheirits from "baseclass". There is a
property of "baseclass" that I don't want exposed in the IDE. The MSDN
documentation says"
"A derived type can hide an inherited member by defining a new member with
the same signature. This might be done to make a previously public member
private or to define new behavior for an inherited method that is marked as
final. "
However, this does not hide the...
|
by: 3338761 |
last post by:
I'm a beginner programmer so bear with me if this seems very simple...
I have a subform which I don't want to have displayed until the user has entered first name, last name, extension, and chose a dept. from a combobox.
The If condition I tried for the first name was:
If Me.Employee_First_Name.Value = Null Then
Me.Report_Sub.Visible = False
Else
Me.Report_Sub.Visible = True
|
by: codexxx |
last post by:
Hi,all
I wanted to make a system so that in the browser php extension cant be seen. Though I have been able to make it by editing the .htaccess file but I want it such a way that if anyone type the php as extension then it would take him to an error page.
Please help me by giving a .htaccess file where that code is written or give me any useful link. Its very urgent so if you can help quickly then it would help me gain some...
|
by: Frank Rizzo |
last post by:
How come VS2008 does not show built-in extension methods for the string
class? Like ToList() method, for instance.
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |