prevent direct access by URL

RakiuraSkies · **Joined:** Thu Oct 12, 2006 8:18 am **Posts:** 81

Can anyone recommend a means to prevent direct access to my site components (I have Gallery2, SMF and MediaWiki running 'behind' Joomla 1.0.11) by accessing the URL? I would like any attempts at that sort of thing simply redirected to my homepage, where people can login or register.

TIA

RS

RakiuraSkies · **Joined:** Thu Oct 12, 2006 8:18 am **Posts:** 81

hmmm... not sure the move was necessary -it is after all a General Joomla question that merely mentions 3 other (3rd party???) products in the context of the query...

whatever

wolphin · **Joined:** Wed Aug 30, 2006 12:26 am **Posts:** 12

Adding the following code after the SEF redirect (if used) should block non-Joomla direct access php files.
I'm not quite clear if the components you mention need direct access to their files though.

Code:

RewriteEngine On

#Sef code

########## Redirect attempts to access php files directly
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/index2?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/index(2|3)?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/popups/(uploadimage|(content|module|poll)window)\.php$
RewriteRule ^.*\.php$ /index.php? [R=301]
########## End redirect attempts to access php files directly

You can of course put another status code instead of 301.

Sadly it seems that if the files requested are forbidden in a or section of the apache config the redirect does not take place.

Also, some components might break if they need to access files directly.

You can try to locate such files by running the following command from the Joomla root dir:

Code:

/usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;

On my system this gives:

Code:

> /usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;
./administrator/components/com_joomlaboard/joomlaboard_mosbot_help.php:define( "_VALID_MOS", 1 );
./administrator/popups/contentwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/modulewindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/pollwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/uploadimage.php:define( "_VALID_MOS", 1 );
./administrator/index2.php:define( '_VALID_MOS', 1 );
./administrator/index3.php:define( '_VALID_MOS', 1 );
./administrator/index.php:define( '_VALID_MOS', 1 );
./components/com_zoom/www/admin/save_dnd.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/ajaxcallback.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/view.php:     define( "_VALID_MOS", 1 );
./index2.php:define( '_VALID_MOS', 1 );
./index.php:define( '_VALID_MOS', 1 );
./mambots/editors-xtd/doclink/popups/doclink.conf.php:define( "_VALID_MOS", 1 );
./mambots/editors/jce/jscripts/tiny_mce/popupImage.php:define( '_VALID_MOS', 1 );
./modules/mod_exmenu.php:               define( '_VALID_MOS', 1 );

Unless those files are excepted like the joomla direct access files the request to get them won't work.

RakiuraSkies · **Joined:** Thu Oct 12, 2006 8:18 am **Posts:** 81

wolphin: apologies for the delay in replying to your post! Have today added the code you suggested to my .htaccess -it works beautifully for SMF and the 2 wiki's I have on my site, but apparently not for Gallery 2.2! Bugger! Still 3 out of 4 ain't bad, and I thank you for your suggestion

Does anyone know of any way to extend this functionality to Gallery 2.2 please?

TIA

RS

Whoops -my testing wasn't quite thorough enough. It seems the lines prevent access even via Joomla, with the links to those components now leading ONLY to the Joomla homepage even when logged in. Back to the drawing board.

would a Valid mos or die line added to the index.php or main.php of these components achieve what I am looking for?

digit-head · **Posted:** Mon May 21, 2007 3:19 pm

Has this ever been resolved? I'm also using SMF and Gallery2 and am finding an ever increasing number of attempts by Spammers and Porn pedlers to post crap in the Forums. I've since locked down registration so that all new accounts must be approved, but I'd really like to block direct access to these components...

errae · **Joined:** Fri Feb 01, 2008 9:21 am **Posts:** 17

Did this work? And what is the exact code? (=

digit-head · **Posted:** Sun Sep 28, 2008 2:03 pm

errae wrote:

Did this work? And what is the exact code? (=

Sorry for the delay, If the question is directed at me then no. It did not. Same result as was previously mentioned. Trying to block direct access to Gallery2 or SMF resulted in no access to them at all. However setting 'athorization required' for new user registration through the SMF bridge DID stop the spammers and porn pedlers from being able to do anything. It just adds a little administrative overhead but I can live with that.

Joomla! Discussion Forums

prevent direct access by URL

Quick reply

Who is online