Suggestions for htaccess

Discussion regarding Joomla! security issues.

Geraint
Joomla! Guru
Posts: 561
Joined: Fri Aug 19, 2005 5:23 pm
Location: Gogledd Cymru

Suggestions for htaccess

Post by Geraint » Wed Sep 14, 2005 6:33 pm

I have gallery2 and tinyMCE in my setup and I have added a few lines to my .htaccess file so that I have both "belt and braces" protection against unauthorised direct execution of php files.

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [L]

RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !\.(gif|jpe?g|png|css|js|html?|ico)|gallery2\/main\.php|index?2\.php|administrator|\.pdf$
RewriteCond %{REQUEST_URI} !insert_file\.php|files\.php|insert_flash\.php|manager\.php|images.php|preview\.php$
RewriteRule ^(.*) index.php [L]

Geraint

p.s. for the benefit of en-US readers braces=suspenders
p.p.s for the further benefit of en-US readers suspenders=what women use to keep up their stockings in the UK
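
An added example, not part of the post above: a small harness that evaluates the exemption patterns of the second rule block against constructed request paths, to check which requests escape the rewrite to index.php. It models only the negated RewriteCond lines, using Python's `re.search` in place of mod_rewrite's unanchored PCRE match; the `ANCHORED` patterns and all sample paths are assumptions made for illustration.

```python
import re

# Negated RewriteCond patterns of the second rule block, verbatim from the post.
POSTED = [
    r"^/$",
    r"\.(gif|jpe?g|png|css|js|html?|ico)|gallery2\/main\.php|index?2\.php|administrator|\.pdf$",
    r"insert_file\.php|files\.php|insert_flash\.php|manager\.php|images.php|preview\.php$",
]

# Assumed tightening (not from the thread): every alternative is anchored to
# the start or end of the path and every dot is escaped. The post does not say
# where the editor scripts live, so they are anchored to a path segment only.
ANCHORED = [
    r"^/$",
    r"\.(gif|jpe?g|png|css|js|html?|ico|pdf)$",
    r"^/(gallery2/main\.php|index2?\.php)$",
    r"^/administrator(/|$)",
    r"/(insert_file|files|insert_flash|manager|images|preview)\.php$",
]

# Constructed request paths (REQUEST_URI carries the path without query string).
SAMPLE_URIS = [
    "/images/logo.png",
    "/index2.php",
    "/administrator/index2.php",
    "/components/com_example/helper.php",
    "/components/com_example/profiles.php",             # contains "files.php"
    "/components/com_example/administrator_tools.php",  # contains "administrator"
    "/templates/example/style.css.php",                 # contains ".css"
]

def exempt(uri, patterns):
    """True when a negated condition fails, so the request is NOT rewritten."""
    return any(re.search(p, uri) for p in patterns)

def unintended_exemptions(uris):
    """Paths the posted patterns let through but the anchored ones rewrite."""
    return [u for u in uris if exempt(u, POSTED) and not exempt(u, ANCHORED)]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri:50} posted={exempt(uri, POSTED)!s:5} "
              f"anchored={exempt(uri, ANCHORED)}")
    print("only exempt under posted rules:", unintended_exemptions(SAMPLE_URIS))
```

In the posted patterns the trailing `$` binds only to the last alternative of each line, so the other alternatives match anywhere in the path.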

friesengeist
Joomla! Guru
Posts: 842
Joined: Sat Sep 10, 2005 10:31 pm

Re: Suggestions for htaccess

Post by friesengeist » Tue Sep 20, 2005 9:27 pm

Another suggestion, although not concentrating on security:

Code:

  RewriteEngine On
  RewriteBase /
  RewriteRule ^component/ index.php
  RewriteRule ^content/ index.php
  ErrorDocument 404 /index.php?option=com_content&task=view&id=108&Itemid=316

I use this to map all SEF URLs to index.php. The difference from the default .htaccess is that users who use an invalid path will not see my site's homepage but a content item displaying the 404 error to them in a user-friendly format (included in my usual site design). Content Item 108 is that user-friendly 404 page, Itemid 316 is the menu ID of my home page.

Defining special "entry-urls" is then as easy as this:

Code:

  RewriteRule ^forum$           index.php?option=com_loudmouth&Itemid=501

We may not be able to control the wind, but we can always adjust our sails

HanOverFist
Joomla! Apprentice
Posts: 19
Joined: Fri Sep 09, 2005 1:20 pm

Re: Suggestions for htaccess

Post by HanOverFist » Wed Sep 21, 2005 2:22 pm

Here is a quick overview of redirecting and rewriting.
http://corz.org/serv/tricks/htaccess2.php

Han

TheSaint
Joomla! Ace
Posts: 1256
Joined: Sat Aug 20, 2005 4:15 am
Location: California, USA

Re: Suggestions for htaccess

Post by TheSaint » Thu Sep 22, 2005 3:16 am

Just out of curiosity, what exactly is the "RewriteEngine On
RewriteBase /" setting? For instance, my Joomla directory is in my /public_html/ root. Would it help if I tweaked this item, or is it fine with the default setting?

Here's the text right after installation:

Code:

#
#  mod_rewrite in use
#

RewriteEngine On

#  Uncomment following line if your webserver's URL 
#  is not directly related to physical file paths.
#  Update YourJoomlaDirectory (just / for root)

# RewriteBase /YourJoomlaDirectory

#
#  Rules
#

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php

Aren't those # marks showing a code "comment", not an actual setting? I'm a bit new to this .htaccess business. :)
Last edited by TheSaint on Thu Sep 22, 2005 3:17 am, edited 1 time in total.
Paul
http://www.gamehostingreviews.com - In development
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke

friesengeist
Joomla! Guru
Posts: 842
Joined: Sat Sep 10, 2005 10:31 pm

Re: Suggestions for htaccess

Post by friesengeist » Thu Sep 22, 2005 8:51 am

TheSaint wrote: Just out of curiosity, what exactly is the "RewriteEngine On
RewriteBase /" setting? For instance, my Joomla directory is in my /public_html/ root. Would it help if I tweaked this item, or is it fine with the default setting?

RewriteEngine On tells the Apache module mod_rewrite to switch this functionality on and do some URL rewriting according to the following commands.

RewriteBase tells mod_rewrite which internal path to use for rewriting. If you have your Joomla! installation in your webserver's root (http://www.yourdomain.tld/) then you don't need to use the RewriteBase directive. If you have your installation in, let's say, yourdomain.tld/joomla/, you would either have to change every single RewriteRule to have that relative server path in it (e.g. RewriteRule ^(.*) /joomla/index.php) or uncomment the RewriteBase directive, having it point to your relative server path (e.g. RewriteBase /joomla/).

TheSaint wrote: Aren't those # marks showing a code "comment", not an actual setting? I'm a bit new to this .htaccess business. :)

True. It's a comment by default, assuming that most people install Joomla! in the webserver's root.

We may not be able to control the wind, but we can always adjust our sails

