prevent direct access by URL

Post by RakiuraSkies » Wed Nov 29, 2006 10:42 pm

Can anyone recommend a means to prevent direct access to my site components (I have Gallery2, SMF and MediaWiki running 'behind' Joomla 1.0.11) by accessing the URL? I would like any attempts at that sort of thing simply redirected to my homepage, where people can log in or register.

TIA

RS

Post by RakiuraSkies » Wed Nov 29, 2006 10:59 pm

hmmm... not sure the move was necessary - it is after all a General Joomla question that merely mentions 3 other (3rd party???) products in the context of the query...

whatever

Post by wolphin » Thu Nov 30, 2006 5:26 am

Adding the following code after the SEF redirect (if used) should block non-Joomla direct access php files.
I'm not quite clear if the components you mention need direct access to their files though.

Code:

RewriteEngine On

#Sef code

########## Redirect attempts to access php files directly
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/index2?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/index(2|3)?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/popups/(uploadimage|(content|module|poll)window)\.php$
RewriteRule ^.*\.php$ /index.php? [R=301]
########## End redirect attempts to access php files directly

You can of course put another status code instead of 301.

Sadly it seems that if the files requested are forbidden in a or section of the apache config the redirect does not take place.

Also, some components might break if they need to access files directly.

You can try to locate such files by running the following command from the Joomla root dir:

Code:

/usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;

On my system this gives:

Code:

> /usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;
./administrator/components/com_joomlaboard/joomlaboard_mosbot_help.php:define( "_VALID_MOS", 1 );
./administrator/popups/contentwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/modulewindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/pollwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/uploadimage.php:define( "_VALID_MOS", 1 );
./administrator/index2.php:define( '_VALID_MOS', 1 );
./administrator/index3.php:define( '_VALID_MOS', 1 );
./administrator/index.php:define( '_VALID_MOS', 1 );
./components/com_zoom/www/admin/save_dnd.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/ajaxcallback.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/view.php:     define( "_VALID_MOS", 1 );
./index2.php:define( '_VALID_MOS', 1 );
./index.php:define( '_VALID_MOS', 1 );
./mambots/editors-xtd/doclink/popups/doclink.conf.php:define( "_VALID_MOS", 1 );
./mambots/editors/jce/jscripts/tiny_mce/popupImage.php:define( '_VALID_MOS', 1 );
./modules/mod_exmenu.php:               define( '_VALID_MOS', 1 );

Unless those files are excepted like the Joomla direct access files, the request to get them won't work.
Last edited by wolphin on Thu Nov 30, 2006 6:20 am, edited 1 time in total.
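
Added example (not part of wolphin's post or of any project's code): a small Python evaluator for the rule block above, run over the paths from the grep output, listing the direct-access scripts the rule would redirect because they are not among its exceptions. It assumes the .htaccess sits in the web root; the function names are illustrative.

```python
import re

# Rule block copied from the post above (SEF section omitted).
HTACCESS = r"""
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/index2?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/index(2|3)?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/popups/(uploadimage|(content|module|poll)window)\.php$
RewriteRule ^.*\.php$ /index.php? [R=301]
"""
# Paths from the find/grep output above: files that define _VALID_MOS themselves.
ENTRY_POINTS = """
./administrator/components/com_joomlaboard/joomlaboard_mosbot_help.php
./administrator/popups/contentwindow.php
./administrator/popups/modulewindow.php
./administrator/popups/pollwindow.php
./administrator/popups/uploadimage.php
./administrator/index2.php
./administrator/index3.php
./administrator/index.php
./components/com_zoom/www/admin/save_dnd.php
./components/com_zoom/www/ajaxcallback.php
./components/com_zoom/www/view.php
./index2.php
./index.php
./mambots/editors-xtd/doclink/popups/doclink.conf.php
./mambots/editors/jce/jscripts/tiny_mce/popupImage.php
./modules/mod_exmenu.php
""".split()

def parse_rules(text):
    """Return (conditions, rule_regex); each condition is (negated, regex)."""
    conds, rule = [], None
    for parts in (line.split() for line in text.splitlines()):
        if parts[:2] == ["RewriteCond", "%{REQUEST_URI}"]:
            conds.append((parts[2].startswith("!"), re.compile(parts[2].lstrip("!"))))
        elif parts[:1] == ["RewriteRule"]:
            rule = re.compile(parts[1])
    return conds, rule

def is_redirected(uri, htaccess=HTACCESS):
    """True if the rule block would redirect a request for `uri` to /index.php."""
    conds, rule = parse_rules(htaccess)
    # In .htaccess context the RewriteRule pattern sees the path without its leading
    # slash; RewriteCond lines without [OR] are ANDed, and "!" inverts the match.
    return bool(rule.search(uri.lstrip("/"))) and all(bool(rx.search(uri)) != neg for neg, rx in conds)

def blocked_entry_points(paths=ENTRY_POINTS):
    """Direct-access scripts from the grep output that the rule would redirect."""
    return [u for u in ("/" + p[2:] for p in paths) if is_redirected(u)]
```

`blocked_entry_points()` returns the seven scripts that would need their own RewriteCond exception. `is_redirected("/gallery2/main.php")` and `is_redirected("/smf/index.php")` (hypothetical install paths, not taken from the thread) also return True, because the `index2?\.php` exception is anchored to the site root.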

Post by RakiuraSkies » Sat Jan 20, 2007 7:56 am

wolphin: apologies for the delay in replying to your post! Have today added the code you suggested to my .htaccess - it works beautifully for SMF and the 2 wikis I have on my site, but apparently not for Gallery 2.2! Bugger! Still 3 out of 4 ain't bad, and I thank you for your suggestion :)

Does anyone know of any way to extend this functionality to Gallery 2.2 please?

TIA

RS

Whoops - my testing wasn't quite thorough enough. It seems the lines prevent access even via Joomla, with the links to those components now leading ONLY to the Joomla homepage even when logged in. Back to the drawing board.

Would a Valid mos or die line added to the index.php or main.php of these components achieve what I am looking for?
Last edited by RakiuraSkies on Sat Jan 20, 2007 8:01 am, edited 1 time in total.

Post by digit-head » Mon May 21, 2007 3:19 pm

Has this ever been resolved? I'm also using SMF and Gallery2 and am finding an ever increasing number of attempts by Spammers and Porn peddlers to post crap in the Forums. I've since locked down registration so that all new accounts must be approved, but I'd really like to block direct access to these components...    ???
"You can watch things happen, you can make things happen or you can wonder what just happened." - Captain Phill Harris

Post by errae » Sun Sep 21, 2008 11:54 pm

Did this work? And what is the exact code? (=

Post by digit-head » Sun Sep 28, 2008 2:03 pm

errae wrote: Did this work? And what is the exact code? (=

Sorry for the delay. If the question is directed at me then no. It did not. Same result as was previously mentioned. Trying to block direct access to Gallery2 or SMF resulted in no access to them at all. However, setting 'authorization required' for new user registration through the SMF bridge DID stop the spammers and porn peddlers from being able to do anything. It just adds a little administrative overhead but I can live with that.

Post by edot3 » Wed Dec 23, 2009 11:26 am

This is a dirty way of doing it, but I stumbled across this post whilst looking for a way to do this myself. There must be a way to pull out the variables people are requesting via the code (php) and then simply redirect to the home page?

I'm trying to stop direct access to my registration page (index.php?option=com_users&task=register).

I'm going to try and use something along the lines of;

<?

if ( ($option=='com_users') && ($task=='register') ){
do a redirect here;
}

?>

Obviously, this won't work in its current state, but it might help someone out.

