Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

mod_rewrite, clean URLs, htacess: prevent direct access to script

  • 06-05-2009 01:01PM
    #1
    [Deleted User]
    Posts: 1,462 ✭✭✭


    Hi All,

    I have started to play around with mod_rewrite on Apache to make "clean URLs" such as http://site/products/12/ instead of http://site/products.php?pid=12

    I can set up the rewrite rules for the likes of above in a .htaccess file and it works well but I was reading on a blog that I should also prevent direct access to the .php scripts and only allow access through the clean URLs.

    What I did was to check in the php for the REQUEST_URI and allow or deny access based on that. I was basically checking if the uri ended in .php (direct access) and allowing or denying based on that.

    I'd just like to know if this is an acceptable way of doing things or if I'm missing something and should be doing it in a better way.

    Thanks,

    Baz.


Comments

  • #2
    Sully
    Moderators, Education Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 24,071 Mod ✭✭✭✭Sully


    Do a search, I posted up a solution on this a few weeks ago. :)


  • #3
    [Deleted User]
    Posts: 1,462 ✭✭✭ [Deleted User]


    Thanks Sully, I think we are doing slightly different things but I think I got a few ideas from looking at your .htaccess

    I was initially looking to send a 301 back to anyone who tried to access the php directly but now I think I'll use one of the tricks from your one to send them to a relevant base, depending on where they are poking around in.

    Cheers! :)


Advertisement