prevent direct access by URL
Moderator: General Support Moderators
Forum rules
-
- Joomla! Intern
- Posts: 83
- Joined: Thu Oct 12, 2006 8:18 am
prevent direct access by URL
Can anyone recommend a means to prevent direct access to my site components (I have Gallery2, SMF and MediaWiki running 'behind' Joomla 1.0.11) by accessing the URL? I would like any attempts at that sort of thing simply redirected to my homepage, where people can login or register.
TIA
RS
TIA
RS
-
- Joomla! Intern
- Posts: 83
- Joined: Thu Oct 12, 2006 8:18 am
Re: prevent direct access by URL
hmmm... not sure the move was necessary -it is after all a General Joomla question that merely mentions 3 other (3rd party???) products in the context of the query...
whatever
whatever
-
- Joomla! Apprentice
- Posts: 12
- Joined: Wed Aug 30, 2006 12:26 am
Re: prevent direct access by URL
Adding the following code after the SEF redirect (if used) should block non-Joomla direct access php files.
I'm not quite clear if the components you mention need direct access to their files though.
You can of course put another status code instead of 301.
Sadly it seems that if the files requested are forbidden in a or section of the apache config the redirect does not take place.
Also, some components might break if they need to access files directly.
You can try to locate such files by running the following command from the Joomla root dir:
On my system this gives:
Unless those files are excepted like the joomla direct access files the request to get them won't work.
I'm not quite clear if the components you mention need direct access to their files though.
Code: Select all
RewriteEngine On
#Sef code
########## Redirect attempts to access php files directly
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_URI} !^/index2?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/index(2|3)?\.php$
RewriteCond %{REQUEST_URI} !^/administrator/popups/(uploadimage|(content|module|poll)window)\.php$
RewriteRule ^.*\.php$ /index.php? [R=301]
########## End redirect attempts to access php files directly
Sadly it seems that if the files requested are forbidden in a or section of the apache config the redirect does not take place.
Also, some components might break if they need to access files directly.
You can try to locate such files by running the following command from the Joomla root dir:
Code: Select all
/usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;
Code: Select all
> /usr/bin/find . -type f -exec grep 'define[^d].*_VALID_MOS' {} /dev/null \;
./administrator/components/com_joomlaboard/joomlaboard_mosbot_help.php:define( "_VALID_MOS", 1 );
./administrator/popups/contentwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/modulewindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/pollwindow.php:define( "_VALID_MOS", 1 );
./administrator/popups/uploadimage.php:define( "_VALID_MOS", 1 );
./administrator/index2.php:define( '_VALID_MOS', 1 );
./administrator/index3.php:define( '_VALID_MOS', 1 );
./administrator/index.php:define( '_VALID_MOS', 1 );
./components/com_zoom/www/admin/save_dnd.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/ajaxcallback.php:define( "_VALID_MOS", 1 );
./components/com_zoom/www/view.php: define( "_VALID_MOS", 1 );
./index2.php:define( '_VALID_MOS', 1 );
./index.php:define( '_VALID_MOS', 1 );
./mambots/editors-xtd/doclink/popups/doclink.conf.php:define( "_VALID_MOS", 1 );
./mambots/editors/jce/jscripts/tiny_mce/popupImage.php:define( '_VALID_MOS', 1 );
./modules/mod_exmenu.php: define( '_VALID_MOS', 1 );
Last edited by wolphin on Thu Nov 30, 2006 6:20 am, edited 1 time in total.
-
- Joomla! Intern
- Posts: 83
- Joined: Thu Oct 12, 2006 8:18 am
Re: prevent direct access by URL
wolphin: apologies for the delay in replying to your post! Have today added the code you suggested to my .htaccess -it works beautifully for SMF and the 2 wiki's I have on my site, but apparently not for Gallery 2.2! Bugger! Still 3 out of 4 ain't bad, and I thank you for your suggestion
Does anyone know of any way to extend this functionality to Gallery 2.2 please?
TIA
RS
Whoops -my testing wasn't quite thorough enough. It seems the lines prevent access even via Joomla, with the links to those components now leading ONLY to the Joomla homepage even when logged in. Back to the drawing board.
would a Valid mos or die line added to the index.php or main.php of these components achieve what I am looking for?
Does anyone know of any way to extend this functionality to Gallery 2.2 please?
TIA
RS
Whoops -my testing wasn't quite thorough enough. It seems the lines prevent access even via Joomla, with the links to those components now leading ONLY to the Joomla homepage even when logged in. Back to the drawing board.
would a Valid mos or die line added to the index.php or main.php of these components achieve what I am looking for?
Last edited by RakiuraSkies on Sat Jan 20, 2007 8:01 am, edited 1 time in total.
- digit-head
- Joomla! Apprentice
- Posts: 38
- Joined: Sun Aug 21, 2005 3:42 pm
- Location: San Diego, California
- Contact:
Re: prevent direct access by URL
Has this ever been resolved? I'm also using SMF and Gallery2 and am finding an ever increasing number of attempts by Spammers and Porn pedlers to post crap in the Forums. I've since locked down registration so that all new accounts must be approved, but I'd really like to block direct access to these components...
"You can watch things happen, you can make things happen or you can wonder what just happened." - Captain Phill Harris
-
- Joomla! Apprentice
- Posts: 17
- Joined: Fri Feb 01, 2008 9:21 am
Re: prevent direct access by URL
Did this work? And what is the exact code? (=
- digit-head
- Joomla! Apprentice
- Posts: 38
- Joined: Sun Aug 21, 2005 3:42 pm
- Location: San Diego, California
- Contact:
Re: prevent direct access by URL
Sorry for the delay, If the question is directed at me then no. It did not. Same result as was previously mentioned. Trying to block direct access to Gallery2 or SMF resulted in no access to them at all. However setting 'athorization required' for new user registration through the SMF bridge DID stop the spammers and porn pedlers from being able to do anything. It just adds a little administrative overhead but I can live with that.errae wrote:Did this work? And what is the exact code? (=
"You can watch things happen, you can make things happen or you can wonder what just happened." - Captain Phill Harris
-
- Joomla! Intern
- Posts: 76
- Joined: Mon Jun 11, 2007 3:39 pm
- Location: Newcastle Upon Tyne
Re: prevent direct access by URL
This is a dirty way of doing it, but I stumbled across this post whilst looking for a way to do this myself. There must must be a way to pull out the variables people are requesting via the code (php) and then simply redirect to the home page?
I'm trying to stop direct access to my registration page (index.php?option=com_users&task=register).
I'm going to try and use something along the lines of;
<?
if ( ($option=='com_users') && ($task=='register') ){
do a redirect here;
}
?>
Obviously, this won't work in it's current state, but it might help someone out.
I'm trying to stop direct access to my registration page (index.php?option=com_users&task=register).
I'm going to try and use something along the lines of;
<?
if ( ($option=='com_users') && ($task=='register') ){
do a redirect here;
}
?>
Obviously, this won't work in it's current state, but it might help someone out.