I haven't found all the answer to my current problem.
Here is the root of the site:
cache
img
display.php
admin.php
What I need is to block all the direct access of the files and allow only access via url formatted like that:
1 ht*p://sub.domain.com/image/param/size/folder/img.jpg (param, size, folder, img are parameters)
2 ht*p://sub.domain.com/action/param1/param2/ (param1, param2 are parameters)
1 would point to display.php with the correct parameters
2 would point to admin.php with the correct parameters
Every other access must be 404 (at best) or 403
my rules are (the htaccess is in ht*p://sub.domain.com/):
RewriteRule ^image/([^/]+)/([0-9]+)/([^/]+)/([^/]+)\.jpg display.php?param=$1&size=$2&folder=$3&img=$4 [L]
RewriteRule ^action/([^/]+)/([^/]+) admin.php?action=$1¶m=$2 [L]
Those rules work as I want to but I am stuck on how to block any access that does not come from those URL!
Also (as a bonus) I would like to be able to use the same htaccess on diferrent web address without having to change this file.
Thanks in advance
Have you try moving the image out of the public folder and use php to call the image in?
For the PHP files you can use the switch statement (http://www.php.net/switch).
For the admin.php file you can do something like:
$get_action = $_GET['action'];
switch ($get_action) {
case "edit":
case "view":
case "delete":
case "add":
//Continue loading the page
break;
default:
header('HTTP/1.1 403 Forbidden');
die();
}
Note: I don't know how your code looks or works, but you can have an idea base on the code I added.
Related
I am trying to save the HTTP_REFERER to a $_SESSION[] variable and only updating it if the referring page does not match the current page. This way if I reload the page through a PHP script it does not save the current page I'm on as the referrer.
First I am getting the REFERER and comparing it to the current URL:
$referer = $_SERVER["HTTP_REFERER"];
preg_match('/^(.*?\:\/\/)/', $referer, $start);
$url = $start[0].$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
Then I have an IF statement that says if they DONT match to update Session:
if($url != $referer){
$_SESSION['referer'] = $_SERVER["HTTP_REFERER"];
}
Then I check the output:
echo $_SESSION['referer'];
The issue is that it updates the session no matter what!
I have tried to do the same with cookies instead of the session variable. With cookies, I can see it changing in the consol. It won't update, and then a second later it updates. Almost as if the page is loading twice.
When I set this code
setcookie('test', $_SERVER["HTTP_REFERER"]);
When I go to a new page, it will correctly display the correct refer, and then after a second, it switches to the current page.
My current setup uses .htaccess so that I don't have to type the file names of the pages. I have all requests of any subfolders go to /index.php
So http://example.com/home or http://example.com/coolpage will all go back to http://example.com/index.php
Then with PHP I look for the file named the same as that subfolder and then "include" it in my index.php file as a sort of simple templating system.
Are these .htaccess redirects messing with the $_SERVER["HTTP_REFERER"]? If I just use the $_SERVER["HTTP_REFERER"] directly within my code it works fine (it's not updating). It's only when I try to save it to another variable that things go wonky.
Is there a better way to have a back button that sends the user back to where they came from without taking into account multiple page loads of the same URI?
I found a workaround that seems a bit odd, but it achieves the effect I want.
I wrap the whole thing in an if statement only executing if the $uri != favicon.ico
if($uri != 'favicon.ico'){
$referer = $_SERVER["HTTP_REFERER"];
preg_match('/^(.*?\:\/\/)/', $referer, $start);
$url = $start[0].$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if($url != $referer){
$_SESSION['referer'] = $_SERVER["HTTP_REFERER"];
}
$backButton = $_SESSION['referer'];
}
How to Write a app yaml looks like htacess below
RewriteEngine on
# To append a query string part in the substitution string
RewriteRule ^([0-9a-z_/\-]+)/$ index.php\?p=$1 [QSA]
RewriteRule ^([0-9a-z_/\-]+)$ index.php\?p=$1 [QSA]
im doing so at app yaml for GAE Application was fail
as Dan mentioned, you will not be able to handle this all in the yaml, and will need to to handle the logic yourself, we do a simular thing in one of our project and will outline below our solution.
Our scenario is handling the old website article's URL structure, and trying to redirect them to the new URL structure.
In our yaml we register the pattern that we are looking to match on and direct it to a file where we will do the handling :
- url: (/.*/[0-9]{4}/[0-9]{2}/[0-9]{2}/.*) (Pattern to match on)
script: publication.custom.redirector.app (Path to your .py that will have your handling in)
In our .py file we will catch that pattern and route it to our DefaultHandler that can then do any logic you need and redirect out:
( in our project this goes to /publication/custom/redirector.py )
import request
import settings
import re
class DefaultHandler(request.handler):
def get(self, pre, year, month, day, post):
post = re.sub('(.*[^0-9])[\d]{1}$', r'\1', post)
post = re.sub('[^0-9a-zA-Z-_\/]+', '', post)
path = post.split("/")[-1]
slug = "{0}-{1}-{2}-{3}".format(year, month, day, path)
article = self.context.call('pub/articles/get', slug=slug.lower())
if article:
self.redirect(article['pub_url'], permanent=True)
else:
self.render("pages/page-not-found/page-not-found.html")
app = request.app([
('/(.*)/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*)', DefaultHandler)
], settings.gaext.config)
Hope this helps
The GAE app.yaml doesn't have a URL rewrite capability, it just parses the incoming request URL for request routing purposes, to determine which handlers to invoke.
One could maybe argue that the static_file handlers configuration has a somewhat similar capability, but it is only applicable to the static assets.
For the dynamic handlers you'd need to take care of such "rewrite" inside your app code. I'm quoting "rewrite" here as technically it's just a different way of parsing/interpreting the request URL inside your app code - the original, unchanged request URL will still be the one recorded by the GAE infra.
I would like to use a catch-all rule for urlManager that would pass anything after my base url to a default controller and method as parameters.
My goal would be for a url such as mysite.com/123 to map to mysite.com/controller/method/123 where controller/method are predetermined and 123 is passed as a named parameter.
Such a rule would be put last in the urlManager chain so that if none of the other rules match it would pass whatever is after the base url to my selected controller/method.
Any ideas??
Edit:
Adding a rule '<id>'=>'controller/method' (which I think I had tried anyhow) and then viewing site.com/123 would return a 404 not found, but from apache, NOT Yii. Something I did not take into consideration.
Going to mysite.com/index.php/123 got the desired result. Going to mysite.com/controller/method though would route the url properly. Strange...
Yes, you have to put this as the last rule under all other rules.
'<id>' => 'controllerName/methodName/<id>,'
Example:
'<id>' => 'user/view/<id>',
This will redirect all URLs like this:
mysite.com/1
To:
mysite.com/user/view/1
If you want to restrict to numbers only, use
'<id:\d+>' => 'controllerName/methodName/<id>,'
You should add this rule to bottom of url rules:
'urlManager'=>array(
'urlFormat'=>'path',
'rules'=>array(
'<controller:\w+>/<id:\d+>'=>'<controller>/view',
'<controller:\w+>/<action:\w+>/<id:\d+>'=>'<controller>/<action>',
'<controller:\w+>/<action:\w+>'=>'<controller>/<action>',
'<pname:\w+>'=>'site/test',
),
),
Pname: your named parameter.
Site/test: the target action.
In your action you should define your "pname" as method paramter:
public function actionTest($pname) {
echo "Name:$pname";
}
I need to rewrite this url:
domain.com/mali_oglasi/index/1(any number)
to:
domain.com/mali_oglasi
In my .htaccess file I have this code:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
How can I do this?
If the only thing you want is to map your controller/method differently than the default behaviour, you can use the route.php config file. See the official documentation here : http://codeigniter.com/user_guide/general/routing.html
In your case you'll have something like this :
$route['mali_oglasi/index/(:num)'] = 'mali_oglasi';
Later in your controller you can still get the original digit by using :
$this->uri->rsegment(3);
instead of :
$this->uri->segment(3);
(see official documentation here : http://codeigniter.com/user_guide/libraries/uri.html )
EDIT:
In fact, if you just wish to get rid of the "index" segment when you need to add parameter, you may want to do the inverse of my first answer :
$route['mali_oglasi/(:num)'] = 'mali_oglasi/index/$1';
With that line, every request in the form of "www.yourdomain.com/mali_oglasi/1" will be interpreted by codeigniter as if it were "www.yourdomain.com/mali_oglasi/index/1". Meaning the method "index" of the controller "mali_oglasi" will be used to handle your request.
If you need to retrieve the digit, you want to use :
$this->uri->segment(3);
So if your client should ever go to the url "www.yourdomain.com/mali_oglasi/index/1" directly, you will still retrieve the good uri segment. ( $this->uri->segment(n); give you the n-th segment after route.php rewrite the uri, and $this->uri->rsegment(n) give you the n'th segment before the uri is rewritten. )
I suggest to redirect the user to the new URL :
in your controller mali_oglasi >> in the function index
put the below line
redirect('mali_oglasi');
e.g.
class mali_oglasi extends CI_Controller{
function Index($id){
// Note : make sure you have loaded the url helper
redirect('mali_oglasi');
}
}
Note: don't forget to load the url helper
Note: Set the $config['index_page'] = ''; instead of index in application/config/config.php
I am performing a simple AJAX() request using Jquery (Google hosted 1.7.1 jquery.min.js code)
The code is pretty simple:
$.ajax({
type: "POST",
url: "../inc/ajax_msgread_sendPM.php",
data: "fromuserid=<?php echo $fromuserid; ?>&pmSubject=<?php echo urlencode($pmSubject); ?>&pmBody=" + pmReply,
success: function(data){
$("#showSuccess").show("fast");
$("#resultResponse").html(data);
}
});
The mod_rewrite .htaccess for this document is:
RewriteRule ^messages/read/([^/]+)/([^/]+)/?$ /msgread.php?usernam=$1&keynode=$2 [QSA,L]
When I view the $resultResponse for some reason the Ajax keeps wanting to turn $1 into 'inc' so any unrelated (or related) mySQL queries using $_GET["usernam"] from the URL ends up returning 'inc'
Why is this happening? There is no relation between my script and the mod_rewrite. There are no variables named "usernam" or "1" on the script (or anywhere on the site).
Firebug gives no help.
Advice please?
UPDATE:
I see where the problem is coming from.. in the ajax jquery code:
url: "../inc/ajax_msgread_sendPM.php",
the "inc" keeps getting set as the username because of its location based on the mod_rewrite rules... I need to somehow exclude this from mod_rewrite... just not sure how to solve this problem
As long as current url for your page is
www.domain.com/messages/read/username/NQ
and you use relative path - it is being rewritten to
www.domain.com/messages/read/username/inc/ajax_msgread_sendPM.php
which is definitely not what you want. The simplest solution would be to change the ajax endpoint url to:
url: "/inc/ajax_msgread_sendPM.php",