.htaccess - hidden at last


Simion Ward

Sunday 21 December 2003 11:24:51 pm

Hi,

I've finally managed to hide the index.php part of my URLs without having to modify the httpd.conf file. So here's how I did it. (ezCrew or anyone who knows .htaccess config, could you please check this for potential security issues, as I am not a .htaccess specialist?)

Step 1:
In my document root .htaccess file, I created a redirect to my ezp3 directory.

**********************************************
Options ExecCGI FollowSymLinks Includes MultiViews

<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
</FilesMatch>

RewriteEngine On
RewriteRule ^$ /<path-to-ezPublish>/ [R]
RewriteRule ^/(.*)$ /<path-to-ezPublish>/$1

DirectoryIndex index.php
********************************************

Step 2:
Added code to my ezPublish directory .htaccess file to remove the index.php part of the url.

*********************************************
<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
</FilesMatch>

Options ExecCGI FollowSymLinks Includes MultiViews

RewriteEngine on
# we are reached via /<path-to-ezpublish>/ prefix
RewriteBase /<path-to-ezPublish>/
# first we rewrite the root dir to the handling php script
RewriteRule ^$ index.php [L]
RewriteRule ^index\.html$ index.php [L]

# strip out the subdirs when the browser requests us from per dir pages
RewriteRule ^.+/<path-to-ezPublish>+/.$ $1 [L]

# and now break the rewriting for local files
RewriteRule ^<path-to-ezPublish>\.php.* - [L]
RewriteRule ^settings\.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var\.* - [L]

# anything else is a subdir which gets handled by another php script
RewriteRule !^index\.php.* - [C]
RewriteRule (.*) index.php/$1

*********************************************

It's working for me.

Simon
http://www.webrak.co.uk

Ekkehard Dörre

Thursday 25 December 2003 2:59:26 am

Hi Simon,

you should protect the settings/xxxxx.ini files like in the nVH setup with
http://ez.no/developer/ez_publish_3/documentation/configuration/security/nonvirtualhost
Edit at this place:
# and now break the rewriting for local files
RewriteRule ^<path-to-ezPublish>\.php.* - [L]
RewriteRule ^settings\.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var\.* - [L]

to:

# and now break the rewriting for local files
RewriteRule ^<path-to-ezPublish>\.php.* - [L]
#RewriteRule ^settings\.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var\.* - [L]

and the directory is protected.

I think in some cases you need

<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
Options Indexes FollowSymLinks MultiViews Includes ExecCGI
</FilesMatch>

instead of

<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
</FilesMatch>

Thanks for the nice work,

greetings ekke

http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com
CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing

Pål Øystein Carlsen

Wednesday 07 January 2004 5:05:07 am

This looks very nice and I am looking for something similar. However on the webhost I am using the ezpublish installation is in a subfolder. When I create the first .htaccess file like this:

Options ExecCGI FollowSymLinks Includes MultiViews

<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
</FilesMatch>

RewriteEngine On
RewriteRule ^$ /ezpublish-3.2-3/ [R]
RewriteRule ^/(.*)$ /ezpublish-3.2-3/$1
DirectoryIndex index.php

it correctly finds my ezpublish index.php and displays the page, but the URL looks like this: http://www.example.com/ezpublish-3.2-3/

The .htaccess file in the ezpublish-3.2-3 folder looks like this:
<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html))$">
order allow,deny
allow from all
</FilesMatch>

Options ExecCGI FollowSymLinks Includes MultiViews

RewriteEngine on
# we are reached via /ezpublish-3.2-3/ prefix
RewriteBase /ezpublish-3.2-3/
# first we rewrite the root dir to the handling php script
RewriteRule ^$ index.php [L]
RewriteRule ^index\.html$ index.php [L]

# strip out the subdirs when the browser requests us from per dir pages
RewriteRule ^.+/ezpublish-3.2-3+/.$ $1 [L]

# and now break the rewriting for local files
RewriteRule ^ezpublish-3.2-3\.php.* - [L]
#RewriteRule ^settings\.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var\.* - [L]

# anything else is a subdir which gets handled by another php script
RewriteRule !^index\.php.* - [C]
RewriteRule (.*) index.php/$1

Where is my error? Could this have something to do with the site.ini.append files? I have tried several settings for SiteURL but what is correct?
SiteURL=example.com
is what I am using, but I have tried several variations with no luck.
Help would be appreciated greatly.

Ekkehard Dörre

Thursday 15 January 2004 8:09:24 am

@ Simion Ward

I've a problem in admin on
http://example.com/index.php/admin/content/view/full/2
and
http://example.com/admin/content/view/full/2
redirect me to http://example.com/index.php

adding a trailing slash, then it works.

I tried to add the slash automatically:

############## after RewriteEngine on

#If URL has no ending with "/"
RewriteCond %{REQUEST_URI} !/$
# and If URL has no ending with
RewriteCond %{REQUEST_URI} ![^.]*\.[gif|css|jpe?g|png|js|asf|avi|wmv|swf|xsl|jar]+$
# then make the trailing slash
RewriteCond %{HTTP_HOST} (.+)
RewriteRule (.*) http://%1/$1/ [L]

#############

I think it works, can you check it?

Greetings, ekke

http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com
CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing

Brendan Pike

Tuesday 21 September 2004 3:41:36 am

Hi Ekkehard

Did you ever get your trailing slash code to work? I'm having similar trouble on someone's host and would love to see your full .htaccess file if possible. I wasn't able to incorporate your code into mine successfully.

Thanks
Brendan

www.dbinformatics.com.au

We are always interested in hearing from experienced eZ PHP programmers and eZ template designers interested in contract work.

Ekkehard Dörre

Tuesday 21 September 2004 4:57:15 am

Yep. This is for 3.4


DirectoryIndex index.php

<FilesMatch "(index\.php|\.(gif|html|css|jpe?g|png|ico|js|asf|avi|wmv|swf|xsl|jar|pdf|doc))$">
order allow,deny
allow from all
Options Indexes FollowSymLinks Includes ExecCGI
</FilesMatch>


RewriteEngine on
# we are reached via /<path-to-ezpublish>/ prefix
#RewriteBase /<path-to-ezPublish>/ #if ezPublish is not in root directory take this and not the following
RewriteBase /

# IF URI does not end with "/" ###################
RewriteCond %{REQUEST_URI} !/$
# and IF URI does not end with <anything> <dot> <something>
RewriteCond %{REQUEST_URI} ![^.]*\.[php|html|gif|css|jpe?g|png|ico|js|asf|avi|wmv|swf|xsl|jar|pdf|doc]+$

#RewriteCond %{REQUEST_URI} [index\.php]+$
# THEN append trailing slash and redirect the client
RewriteCond %{HTTP_HOST} (.+)
RewriteRule (.*) http://%1/$1/ [L]


# first we rewrite the root dir to the handling php script
RewriteRule ^$ index.php [L]
RewriteRule ^index\.html$ index.php [L]

# strip out the subdirs when the browser requests us from per dir pages
#RewriteRule ^.+/<path-to-ezPublish>+/.$ $1 [L] #if ezPublish is not in root directory take this and not the following
RewriteRule ^.+/.$ $1 [L]

# and now break the rewriting for local files
#RewriteRule ^<path-to-ezPublish>\.php.* - [L] #if ezPublish is not in root directory take this and not RewriteRule ^\.php.* - [L]

# exclude here directories or files eg. your webmail, phpadsnew, pphlogger
#start for 3.4, for 3.0 - 3.3 replace this part with code below.
RewriteRule ^\.php.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var/.*/storage\.* - [L]
RewriteRule ^var/storage\.* - [L]
RewriteRule ^var/.*/cache\.* - [L]
RewriteRule ^var/cache\.* - [L]
RewriteRule ^extension/.*/design\.* - [L]
RewriteRule ^kernel/setup/packages\.* - [L]
RewriteRule ^packages\.* - [L]
RewriteRule ^share/icons\.* - [L]
#end for 3.4

# anything else is a subdir which gets handled by another php script
RewriteRule !^index\.php.* - [C]
RewriteRule (.*) index.php/$1

the 3.0 - 3.3 part:


#start for 3.0 - 3.3
RewriteRule ^\.php.* - [L]
RewriteRule ^design\.* - [L]
RewriteRule ^var/.*/storage\.* - [L]
RewriteRule ^var/storage\.* - [L]
RewriteRule ^var/.*/cache\.* - [L]
RewriteRule ^var/cache\.* - [L]
RewriteRule ^extension/.*/design\.* - [L]
RewriteRule ^kernel/setup/packages\.* - [L]
#end for 3.0 - 3.3

Now you can search ezurl and replace with ezroot in all your templates, then you'll have full nice url fun in nvH environment

Greetings, ekke

http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com
CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing

Brendan Pike

Tuesday 05 October 2004 12:58:51 am

Thanks Ekkehard, a very useful contribution

It's a nicely written rewrite; I have made a couple of small fixes.

I discovered that the rewrite would not honour https and that non-friendly URLs in my admin.domain.com were failing.

This line:
RewriteRule ^.+/.$ $1 [L]
needs to be changed to this:
RewriteRule ^.+/.$/ $1 [L]

This line:
RewriteRule (.*) http://%1/$1/ [L]
needs to be replaced with:
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%1/$1/ [L]

www.dbinformatics.com.au

We are always interested in hearing from experienced eZ PHP programmers and eZ template designers interested in contract work.

Alexandre Cunha

Friday 15 October 2004 10:25:11 am

Thanks for this contribution.

I have a problem:
after replacing ezurl with ezroot, I lost the siteaccess part in the URL.
And I really don't like the idea of replacing ezurl in every template.

Is there any other way? My suggestion is to not replace ezurl in the templates and to change the PHP code instead... but where?

My suggestion is: add an ini setting to stop ezurl from adding the "index-php" to the URL

axel

http://AlexandreCunha.com

szczym cakcak

Tuesday 08 February 2005 3:09:44 am

Yes, I too lost the siteaccess from the URL (which I use as a language indicator) after changing ezurl into ezroot with that .htaccess (the one that is published on a white background by Ekkehard), and from now on all requests that should end with a 404 (or kernel 20 problem, as far as I remember) end up on the root dir of the website. So all is KAPUT.

Could any one of you Console Masters fix that .htaccess to leave the siteaccess in its place and add proper 404 handling, please?

Thanks a lot. That will enable my group to finish a really cool website ;)

Ekkehard Dörre

Tuesday 08 February 2005 3:48:23 am

in settings/override/site.ini.append.php

[SiteSettings]
DefaultAccess=news

This is for the siteaccess with having it named in the URL.

errorhandler

# What to do when a module does not exist, use either defaultpage or displayerror
# If defaultpage is used, the DefaultPage will be shown when an error occurred
ErrorHandler=displayerror

No 404 is delivered. I sometimes use the sitemap as 404:

# The default page to show, e.g. after user login this will be used for default redirection
DefaultPage=/content/view/sitemap/2/

Not tested, but one possibility for you:

[SiteAccessSettings]
# Set to true if you want to force VirtualHost mode (with RewriteRules in apache)
# If this is set to true nonVirtualHost mode will not work correctly
ForceVirtualHost=true

Greetings, ekke

http://www.coolscreen.de - Over 40 years of certified eZ Publish know-how: http://www.cjw-network.com
CJW Newsletter: http://projects.ez.no/cjw_newsletter - http://cjw-network.com/en/ez-publ...w-newsletter-multi-channel-marketing

szczym cakcak

Tuesday 08 February 2005 4:26:47 am

It's not working... here is my settings/override/site.ini.append.php


[Session]
SessionNameHandler=custom

[SiteSettings]
DefaultAccess=pl
SiteList[]
SiteList[]=pl
SiteList[]=en
ErrorHandler=displayerror

[SiteAccessSettings]
ForceVirtualHost=true
CheckValidity=false
AvailableSiteAccessList[]
AvailableSiteAccessList[]=pl
AvailableSiteAccessList[]=en
AvailableSiteAccessList[]=pl_admin
MatchOrder=uri
HostMatchMapItems[]
URIMatchType=element
URIMatchElement=1
URIMatchRegexp=^/([^/]+)/
URIMatchRegexpItem=1
RequireUserLogin=false
ShowHiddenNodes=false
DebugAccess=enabled

[ContentSettings]
TranslationList=eng-GB;pol-PL

here is my settings/siteaccess/pl/site.ini.append.php


# Use either enabled or disabled
Translation=enabled
# Enable this if you want to perceive the url as a path element
# for the node tree. By entering the path in the url and ending it
# with a .html you will get the correct node.
NodeTranslation=enabled

[SiteSettings]
SiteName=obin
SiteURL=ez.obin.org
LoginPage=embedded

[UserSettings]
RegistrationEmail=


[DesignSettings]
SiteDesign=obin
AdditionalSiteDesignList[]=base

[RegionalSettings]
Locale=pol-PL
ContentObjectLocale=pol-PL
TextTranslation=enabled

[FileSettings]
VarDir=var/obin

and here is my settings/siteaccess/en/site.ini.append.php :

[URLTranslator]
# Use either enabled or disabled
Translation=enabled
# Enable this if you want to perceive the url as a path element
# for the node tree. By entering the path in the url and ending it
# with a .html you will get the correct node.
NodeTranslation=enabled



[SiteSettings]
SiteName=obin
SiteURL=ez.obin.org
LoginPage=embedded

[UserSettings]
RegistrationEmail=

[DesignSettings]
SiteDesign=obin
AdditionalSiteDesignList[]=base

[RegionalSettings]
Locale=eng-GB
ContentObjectLocale=eng-GB
TextTranslation=enabled

[ContentSettings]
TranslationList=eng-GB;pol-PL

[FileSettings]
VarDir=var/obin

Now, after experimenting with overriding site.ini, I get kernel error 1 on any page in en (/index.php/en/stuff/not_works), but (/index.php/pl/stuff/not_works) works fine.

Thanks for your help.

Brendan Pike

Tuesday 08 November 2005 10:43:45 pm

Hi guys

I have found an example of this where it leaves the eZ publish var directory insecure allowing the var directories to be traversed and the contents shown. On some hosts you have to set the whole var to 777 permissions possibly leaving this quite insecure.

This thread resulted in the following doc page.
http://ez.no/products/ez_publish_cms/documentation/configuration/security/non_virtualhost

I'm not too cluely with rewrites; is anyone willing to try and increase the security of this solution? If so, contact me at brendan [at] dbinformatics.com.au and I'll help with verification.

www.dbinformatics.com.au

We are always interested in hearing from experienced eZ PHP programmers and eZ template designers interested in contract work.
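
A way to check which request paths each version of the pass-through rules in this thread hands straight to Apache instead of to index.php, covering both the settings/ point raised in the first reply and the var/ exposure described in the post above. This is an added example, not code from any poster: it models only the "- [L]" rules and the final catch-all with Python's re module, and the sample paths are constructed.

```python
import re

# Pass-through ("- [L]") patterns copied from the posts in this thread.
# Assumption of this model: in .htaccess context mod_rewrite matches the
# path relative to the directory (no leading slash) as an unanchored search.
ORIGINAL = [r"^settings\.*", r"^design\.*", r"^var\.*"]
SETTINGS_REMOVED = [r"^design\.*", r"^var\.*"]
NARROWED_34 = [
    r"^\.php.*", r"^design\.*",
    r"^var/.*/storage\.*", r"^var/storage\.*",
    r"^var/.*/cache\.*", r"^var/cache\.*",
    r"^extension/.*/design\.*", r"^kernel/setup/packages\.*",
    r"^packages\.*", r"^share/icons\.*",
]

# Constructed sample request paths, relative to the eZ Publish directory.
SAMPLE = [
    "settings/site.ini",
    "var/",
    "var/log/error.log",
    "var/storage/images/logo.png",
    "var/obin/cache/template/x.php",
    "design/standard/stylesheets/core.css",
    "content/view/full/2",
]

def route(path, passthrough):
    """Return 'file' when a '- [L]' rule stops rewriting, so Apache looks
    the path up on disk; otherwise 'index.php' (the final catch-all)."""
    for pattern in passthrough:
        if re.search(pattern, path):
            return "file"
    return "index.php"

def served_directly(paths, passthrough):
    """Paths that bypass eZ Publish; access control for these rests only
    on FilesMatch, Options and filesystem permissions."""
    return [p for p in paths if route(p, passthrough) == "file"]

if __name__ == "__main__":
    rule_sets = (("original", ORIGINAL),
                 ("settings rule removed", SETTINGS_REMOVED),
                 ("3.4 narrowed", NARROWED_34))
    for name, rules in rule_sets:
        print(name)
        for p in served_directly(SAMPLE, rules):
            print("   bypasses index.php:", p)
```

Because `\.*` means "zero or more literal dots", each of these patterns is a plain prefix match, so `^var\.*` lets every path under var/ (including the directory itself) skip index.php, while the 3.4 list limits that to the storage and cache subtrees.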

Benj Duval

Tuesday 21 March 2006 7:01:49 pm

"Now you can search ezurl and replace with ezroot in all your templates, then you'll have full nice url fun in nvH environment"

OK, is there an easy way to replace ezurl by ezroot?

Or better, is there a single file to edit to define the link of ezurl to match ezroot?

I got index.php removed on NVH, now I'm looking for an easy way to convert all the links (in particular the content-generated links).

Thanks,
Benj
