With Apache's mod_rewrite module I can keep *.php files and load them as
*.html files:
# Make http//example.com/foo/bar.html load /home/site/foo/bar.php
RewriteEngine On
RewriteRule ^(.*)\.html$ $1.php [L]
But, is there any elegant way to prevent direct access to
"http//example.com/foo/bar.php"? No matter the "L" flag, all *.html
requests get parsed again with any *.php rule I write, even though the
rewriting does not force a browser redirect and even if I use the NS
flag :-?
I still can restrict it in PHP itself (I can think of checking the value
of $_SERVER['REQUEST_URI']), but I'd like to understand why L and NS do
not work as I expected.
Sorry if this is kinda offtopic but my news server does not provide any
Apache group.
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
-- 11  3327 
Álvaro G. Vicario wrote:
With Apache's mod_rewrite module I can keep *.php files and load them as
*.html files:
# Make http//example.com/foo/bar.html load /home/site/foo/bar.php
RewriteEngine On
RewriteRule ^(.*)\.html$ $1.php [L]
But, is there any elegant way to prevent direct access to
"http//example.com/foo/bar.php"? No matter the "L" flag, all *.html
requests get parsed again with any *.php rule I write, even though the
rewriting does not force a browser redirect and even if I use the NS
flag :-?
I still can restrict it in PHP itself (I can think of checking the value
of $_SERVER['REQUEST_URI']), but I'd like to understand why L and NS do
not work as I expected.
Sorry if this is kinda offtopic but my news server does not provide any
Apache group.
You can always get the Apache newsgroups through Google Groups. And
I've found most news servers will add groups if you ask them nicely -
they just need to know the newsgroup is wanted.
As for your question - it is NOT a good idea to parse all .html files as
..php, anyway. It puts an unnecessary load on the server. Just keep php
code in .php files. You'll find it works much better.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Jerry Stuckle escribió:
As for your question - it is NOT a good idea to parse all .html files as
.php, anyway. It puts an unnecessary load on the server. Just keep php
code in .php files. You'll find it works much better.
There aren't any plain HTML files in the site: they all use PHP to
compose the page including headers, footers and the like (plus headers
for client-side caching: site contents are not actually dynamic).
Currently, I code in *.html files and get them all parsed as PHP but
it's annoying because I have to tell my text editor to use PHP syntax
highlighting for *.html files... but only for that project! Furthermore,
if I ever add a plain HTML file I can't distinguish it easily.
I thought mod_rewrite could be an elegant solution but I'm disappointed
with my lack of understanding of its internals.
If I completely omit extensions ( http://example.com/foo/bar) the issue
is the same: I can't prevent http://example.com/foo/bar.php from loading.
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--
On 28 Apr, 11:54, "Álvaro G. Vicario"
<alvaroNOSPAMTHA...@demogracia.comwrote:
Jerry Stuckle escribió:
As for your question - it is NOT a good idea to parse all .html files as
.php, anyway. It puts an unnecessary load on the server. Just keep php
code in .php files. You'll find it works much better.
There aren't any plain HTML files in the site: they all use PHP to
compose the page including headers, footers and the like (plus headers
for client-side caching: site contents are not actually dynamic).
Currently, I code in *.html files and get them all parsed as PHP but
it's annoying because I have to tell my text editor to use PHP syntax
highlighting for *.html files... but only for that project! Furthermore,
if I ever add a plain HTML file I can't distinguish it easily.
I thought mod_rewrite could be an elegant solution but I'm disappointed
with my lack of understanding of its internals.
If I completely omit extensions (http://example.com/foo/bar) the issue
is the same: I can't preventhttp://example.com/foo/bar.phpfrom loading.
--
--http://alvaro.es- Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web:http://bits.demogracia.com
-- Mi web de humor al baño María:http://www.demogracia.com
--
Wouldn't it be simpler to just rename all your files as .html and
setup the PHP handler to process them?
C.
Álvaro G. Vicario wrote:
Jerry Stuckle escribió:
>As for your question - it is NOT a good idea to parse all .html files
as .php, anyway. It puts an unnecessary load on the server. Just
keep php code in .php files. You'll find it works much better.
There aren't any plain HTML files in the site: they all use PHP to
compose the page including headers, footers and the like (plus headers
for client-side caching: site contents are not actually dynamic).
Currently, I code in *.html files and get them all parsed as PHP but
it's annoying because I have to tell my text editor to use PHP syntax
highlighting for *.html files... but only for that project! Furthermore,
if I ever add a plain HTML file I can't distinguish it easily.
I thought mod_rewrite could be an elegant solution but I'm disappointed
with my lack of understanding of its internals.
If I completely omit extensions (http://example.com/foo/bar) the issue
is the same: I can't prevent http://example.com/foo/bar.php from loading.
And you will NEVER have any static pages on the site?
Why are you going to all of the trouble, anyway. PHP works fine as .php
files. You cause yourself and the server to run through all kinds of
hoops to parse them as .html files.
But if you insist, try alt.apache.configuration - available on Google
Groups.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Álvaro G. Vicario wrote:
Jerry Stuckle escribió:
>As for your question - it is NOT a good idea to parse all .html files
as .php, anyway. It puts an unnecessary load on the server. Just
keep php code in .php files. You'll find it works much better.
There aren't any plain HTML files in the site: they all use PHP to
compose the page including headers, footers and the like (plus headers
for client-side caching: site contents are not actually dynamic).
Currently, I code in *.html files and get them all parsed as PHP but
it's annoying because I have to tell my text editor to use PHP syntax
highlighting for *.html files... but only for that project! Furthermore,
if I ever add a plain HTML file I can't distinguish it easily.
I thought mod_rewrite could be an elegant solution but I'm disappointed
with my lack of understanding of its internals.
If I completely omit extensions (http://example.com/foo/bar) the issue
is the same: I can't prevent http://example.com/foo/bar.php from loading.
Oops - I think I misread what you are doing (twice!).
If I understand this correctly now, you have your PHP code in .php
files, and have Apache set up to load those PHP files if the equivalent
..html is called. This would be OK.
But you don't want the .php files to be able to be loaded directly. I'm
not sure what difference it makes - does it cause a problem to load the
..php file?
From the PHP end, yes, you can restrict access. But if you want to do
it with mod_rewrite, you really need to be following up on an Apache
newsgroup. You'll get expert answers there.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
==================
Jerry Stuckle <js*******@attglobal.netwrote:
>
Oops - I think I misread what you are doing (twice!).
If I understand this correctly now, you have your PHP code in .php
files, and have Apache set up to load those PHP files if the equivalent
.html is called. This would be OK.
...
But you don't want the .php files to be able to be loaded directly. I'm
not sure what difference it makes - does it cause a problem to load the
.php file?
From the PHP end, yes, you can restrict access. But if you want to do
it with mod_rewrite, you really need to be following up on an Apache
newsgroup. You'll get expert answers there.
mod_rewrite is one of those magical products that can be configured to do
practically anything (like Sendmail). And like most such products, it is
difficult to get right.
However, I think this will do what the original poster wanted:
RewriteEngine On
RewriteRule ^(.*)\.php$ $1.php [R=404,L]
RewriteRule ^(.*)\.html$ $1.php [L]
That says PHP references should redirect to a 404, and HTML references
should be rewritten to PHP.
--
Tim Roberts, ti**@probo.com
Providenza & Boekelheide, Inc.
Tim Roberts escribió:
RewriteEngine On
RewriteRule ^(.*)\.php$ $1.php [R=404,L]
RewriteRule ^(.*)\.html$ $1.php [L]
That says PHP references should redirect to a 404, and HTML references
should be rewritten to PHP.
It doesn't work either because when I request foo.html I'm silently
redirected to foo.php, rewriting starts again and first rule generates a
Not Found status code.
Thank you for your suggestion but it's really tricky!
I've asked my newsmaster if I can get "alt.apache.configuration" added
to the groups lists (Google Groups is okay but it does not allow e-mail
obfuscation) but I guess I'll implement this as is and I just won't care
about direct access to *.php files (or I'll check
$_SERVER['REQUEST_URI'] and generate the 404 status in PHP). Your
comparison of mod_write with Sendmail has scared me to the bone ;-)
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--
Álvaro G. Vicario a écrit :
Tim Roberts escribió:
> [L]
rewriting starts again
Or not, L flag stands for Last, it shouldn't start again and directly
serve the request, i.e. foo.php.
Regards,
--
Guillaume
..oO(Guillaume)
>Álvaro G. Vicario a écrit :
>Tim Roberts escribió:
>> [L]
rewriting starts again
Or not, L flag stands for Last, it shouldn't start again and directly
serve the request, i.e. foo.php.
The L flag means that no further rules are evaluated for the _current_
request, but if some rewriting action triggers an internal redirect,
then the entire process starts again from the first RewriteRule.
Micha
Ãlvaro G. Vicario schrieb:
Tim Roberts escribió:
> RewriteEngine On
RewriteRule ^(.*)\.php$ $1.php [R=404,L]
RewriteRule ^(.*)\.html$ $1.php [L]
That says PHP references should redirect to a 404, and HTML references
should be rewritten to PHP.
It doesn't work either because when I request foo.html I'm silently
redirected to foo.php, rewriting starts again and first rule generates a
Not Found status code.
Thank you for your suggestion but it's really tricky!
I've asked my newsmaster if I can get "alt.apache.configuration" added
to the groups lists (Google Groups is okay but it does not allow e-mail
obfuscation) but I guess I'll implement this as is and I just won't care
about direct access to *.php files (or I'll check
$_SERVER['REQUEST_URI'] and generate the 404 status in PHP). Your
comparison of mod_write with Sendmail has scared me to the bone ;-)
If you want to deny execution of php scripts, you can put them outside
of the web space.
If your php script you want to protect is inside the web space, you can
deny access in the .htaccess file. This is handy for include-only
directories.
Max
M. Strobel wrote:
Ãlvaro G. Vicario schrieb:
>Tim Roberts escribió:
>> RewriteEngine On
RewriteRule ^(.*)\.php$ $1.php [R=404,L]
RewriteRule ^(.*)\.html$ $1.php [L]
That says PHP references should redirect to a 404, and HTML references
should be rewritten to PHP.
It doesn't work either because when I request foo.html I'm silently
redirected to foo.php, rewriting starts again and first rule generates
a Not Found status code.
Thank you for your suggestion but it's really tricky!
I've asked my newsmaster if I can get "alt.apache.configuration" added
to the groups lists (Google Groups is okay but it does not allow
e-mail obfuscation) but I guess I'll implement this as is and I just
won't care about direct access to *.php files (or I'll check
$_SERVER['REQUEST_URI'] and generate the 404 status in PHP). Your
comparison of mod_write with Sendmail has scared me to the bone ;-)
If you want to deny execution of php scripts, you can put them outside
of the web space.
If your php script you want to protect is inside the web space, you can
deny access in the .htaccess file. This is handy for include-only
directories.
Max
Which is not his question...
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attglobal.net
================== This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Joshua |
last post by:
Is there a way to set up Apache to invoke a PHP equest when a file (a
image for example) is downloaded?
Say, then, that
http://www.foo.com/downloads/app1.zip is downloaded, Id like to have...
|
by: Phil Powell |
last post by:
http://www.sitepoint.com/article/910/2]
How can it be possible to use Apache's mod_rewrite module in such a
way as to dynamically feed it variable information into the
"RewriteRule" option? I...
|
by: Stefan Blobner |
last post by:
Hi,
I'm searching for someone who's using HP-UX 11.x with Apache and PHP
with the OCI8 extension (for accessing Oracle).
I'm having some issues while running this and would like to...
|
by: Frank |
last post by:
Hey all,
I can't seem to get javascript running in my XSL document.
<?xml version="1.0"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
version="1.0"...
|
by: Joseph S. |
last post by:
Hi,
I am trying to install PHP 5.0.4 on Apache 2.0.54 on WinXP Pro SP2 as a
cgi binary.
Apache2 directory is c:/Apache2
htdocs is c:/Apache2/htdocs
php is installed in c:/php
This contains...
|
by: MaiyaHolliday |
last post by:
Hello,
I've recently installed apache on a new computer, and cannot figure out why my site will not process any includes. (it was working on my old one) There are no errors on the page such as...
|
by: joe jacob |
last post by:
I configured apache to execute python scripts using mod_python
handler. I followed below mentioned steps to configure apache.
1. In http.conf I added
<Directory...
|
by: Dale |
last post by:
again, i know this is OT...just move along to the next post if it bugs you.
:)
i had been trying to have this:
project.66.204.32.110
from the client browser, map to a virtual host where the...
|
by: josequinonesii |
last post by:
I've searched, I've read, I've tested and re-read numerous post but to no avail yet...
Quite simply, the settings I've applied to my httpd.conf, httpd-vhost.conf and my hosts files simply does not...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
