Prevent displaying PHP File through URL with htaccess - .htaccess

i would like to make it impossible to open a PHP file directly through an Url but keep it still accessible through jQuery. Right now it is possible to enter this URL in the Browser:
http://domain.com/php/member.php
But i would like to prevent that. If someone types this in the Browser Url than i would like to redirect everyone to http://domain.com with htaccess. But it must be still possible to send variables through the own Website with jQuery to the PHP File.
Thanks :)

If you don't want it access directly put it outside the web root and use a php script to interact with it. jQuery/JavaScript is client side. If it can access the file, then the client will be able to also. You would be better off using PHP to send/receive info to jQuery and hide that file outside the web root so there is no direct access.

You can use this htaccess redirect to generate the code to redirect domain.com/php/member.php to domain.com. You can use a 301 redirect like the one above.

Related

Redirect an address ending with #!

I have an address: www.domain.com/index.php?category=this-is-me#!
For some reason google directs to this address.
I want to redirect my users to www.domain.com/index.php?category=this-is-me
How can I do that?
I don't think the "#!" is needed.
I work with htaccess files (php, apache).
Thanks
You can't do anything about it in htaccess files, in php, or in apache. Everything starting from the # is called the URI fragment and it is never sent to the server. So apache doesn't even know it's there.
What you'll need to do is use something that's on the client-side (e.g. browser) to remove it. For javascript, see something like this: Remove fragment in URL with JavaScript w/out causing page reload

htaccess URL redirect based on page title

I would like to add a line to my htaccess to change this url:
RewriteEngine on
do this is the url
http://site/Calendar/viewevent?eventid=9223
into something like this :
http://site/Calendar/viewevent/Title-of-event
its php and joomla and I am a php developer, please dont advise me to use a component or module to handle redirects, I am trying to achieve this using .htaccess ONLY :) thank you in advance!!
Your 'pretty' url contains information that is not in the 'working' url. Besides that, the 'working' url also contains information that is not in the pretty url. You need database access to translate the event id to a seo-title, and the seo-title back to an event id. In other words: It is impossible to do this with .htaccess only, unless you change 'viewevent' to accept an event by seo-title, instead of eventid.
Mod_dbd can possible be used, but only in the server config file, not .htaccess.
As Sumurai8 says htaccess cant transform url like you want automatically.
But you can use Redirect 301 (or its variation) for one url to another.
for your example:
Redirect 301 /Calendar/viewevent?eventid=9223 /Calendar/viewevent/Title-of-event
more information here

How can I redirect and then rewrite url in same file for pretty URL?

I have just been asked to migrate a site from one server to another for a site that I did not build. They have a lot of links to pages that dont exist.
<a href="app/batteries">
This is not actually a directory in the site, but there is an app.php file in the root directory. I have gotten it to display the products by redirecting anything to the app/ directory to app.php?app=. The value of ?app= is dynamic, so any solution would need to be dynamic. I have simply used the redirect statement in the htaccess file to get it to the app.php page. Is there a way to get the url back to the pretty url after a redirect?
Any help would be awesome. Thanks in advance.
You should use ModRewrite instead, for matching a pretty url with regexps, and converting into the url using the app.php.
The rewrite is local to the server, so the visitor sees only pretty urls.

view the real htaccessed link

how can i view the real URL without the functionality of .htaccess rewrite file ?
while using url rewrite with the .htaccess file you able to see sites like this :
example.com/i/154/b/6574534
i want to see the "source" of the url , such as
example.com/index.php?i=15&b=6574534
It sounds like you want to reverse the URL rewriting, without having server-level access to the server you are interested in. If this is the case, what you're asking for is not possible unless the server provides an API, a custom HTTP header in the response, another link on the page, or some other method to find the non-rewritten URL. The ability to do otherwise would defeat many purposes of URL rewriting.

What's a clean/simple way to ensure the security of a page?

Supposing you have a form that collects and submits sensitive information and you want to ensure it is never accessed via insecure (non-HTTPS) means, how might you best go about enforcing that policy?
If you're running Apache, you can put a RewriteRule in your .htaccess, like so:
RewriteCond %{HTTPS} "off"
RewriteRule /mypage.html https://example.com/mypage.html
I think the most bullet-proof solution is to keep the code inside your SSL document root only. This will ensure that you (or another developer in the future) can't accidentally link to a non-secure version of the form. If you have the form on both HTTP and HTTPS, you might not even notice if the wrong one gets used inadvertently.
If this isn't doable, then I would take at least two precautions. Do the Apache URL rewriting, and have a check in your code to make sure the session is encrypted - check the HTTP headers.
Take a look at this: http://www.dotnetmonster.com/Uwe/Forum.aspx/asp-net/75369/Enforcing-https
Edit: This shows solutions from an IIS point of view, but you should be able to configure about any web server for this.
In IIS? Go to security settings and hit "Require secure connection". Alternately, you can check the server variables in page load and redirect to the secure page.
I'd suggest looking at the request in the code that renders the form, and if it is not using SSL, issue a redirect to the https URL.
You could also use a rewite rule in Apache to redirect the user.
Or, you could just not serve up the page via HTTP, and keep it only in the document root of your HTTPS site.

Resources