how do i get to restrict access to my folders - codeigniter

am using codeigniter to build a website with a lot of image galleries , i store the images in folders ,but i want to restrict access to the folders via url .i.e i don't want people to have access to my image folder using a url like this::
http://website/all_images/
all images is the folder that contains the image folder .. i tried using a htaccess file
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^CI_system.*
RewriteRule ^(.*)$ /website/index.php?/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|all_images)
RewriteRule ^(.*)$ /website/index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 /index.php
</IfModule>
the rewrite condition for the index.php works well but i still get access to all my folders via the url

If you want to disable folders to be viewed, just add empty index.html file, but if you try to protect images from being viewed then your website wont be able to find them too

Why don't you create an index file under that folder. In this way no will will be able to view images under that folder.
You can make this file call a function that says "access denied" or whatever you need.

Options -Indexes in your htaccess file will stop directory viewing no extra files needed. and if you want to stop direct image viewing i.e. myweb.com/all_images/coolpic.jpg then all you have to do is (since your base is / you can use the whole one below):
Options -Indexes
ErrorDocument 404 /index.php
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?myweb.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
</IfModule>
All you would have to change is the line with your web address in it and add all of your file types to the last rewrite rule (seperating each with a pipe |) and then this will cover all of the angles you have discussed 100%.

Related

.htaccess to provide 'flattened' search engine friendly CMS URLs

I am using CMSMADESIMPLE for a website. It can generate search engine friendly URLs using a .htaccess file and mod_rewrite.
BUT it is possible to insert anything between the base url and the requested page. For example all these URLs will work:
www.example.com/aboutus
www.example.com/home/aboutus
www.example.com/any/rubbish/i/enter/aboutus
I have seen other sites using Wordpress where it is possible to enter the same in the address window, but it will redirect back to the lowest level i.e. www.example.com/aboutus. I would like to achieve the same thing but cannot master .htaccess to do it.
The relevant bits of the .htaccess file are:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>
I am assuming that this is something that can be achieved just using mod_rewrite and doesn't require changes to the PHP code within the CMS.
If that's not possible I would like to setup a permanent redirect from some URLs within the CMS which have been indexed by Google.
i.e From www.example.com/home/aboutus to www.example.com/aboutus
I tried adding a RewriteRule to .htaccess without success:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteRule home/aboutus aboutus [R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>
Any help appreciated.
Look at the sample htaccess.txt file in the doc folder. There is a section about parent child.
# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]

Codeignitier mod_rewrite and parent folder

I am using CodeIgniter and I am trying to remove the index.php from the urls. I have mod_rewrite enabled in Apache, I set the index to a blank string in the CI config file and I am using the .htaccess file found at the bottom of the page. I think part of the problem might be that my application and system folders are not in my document root. My local server folder structure looks like this:
mysite.dev/
-public_html (server root)
-application
-system
-.htaccess
I did it that way because I read that it would be extra security having the application and system outside of the public_html folder. But the rewrite rules aren't working and I suspect it has something to do with this. I'm relatively new to this so I really appreciate any help!
my htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#’system’ can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn’t in the system folder
#This snippet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename ’application’ to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn’t true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don’t have mod_rewrite installed, all 404′s
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
I have used that code in my .htaccess file as it's working for me.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [PT,L]

Removing index.php and handling subdomains of two Codeigniter sites, when one within the other

I have two Codeigniter sites, one sitting within the subdirectory of the other. I need some help modifying my htaccess file to remove index.php from both.
The first site, http://subdomain.domain.com is stored in /home/sites/subdomain/www/html/
The second, http://test.subdomain.domain.com lives in /home/sites/subdomain/www/html/app_staging/
This is my .htacess file from /home/sites/subdomain/www/html/:
RewriteEngine On
# Rewrite the main domain
RewriteCond %{HTTP_HOST} !test.subdomain.domain.com
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?/$1 [L]
# Rewrite the sub domain
RewriteCond %{HTTP_HOST} test.subdomain.domain.com
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/(.*)$ /app_staging/index.php?/$1 [L]
This is removing index.php from the from the first site, everything is ok there. On the second site, I can load the default controller form http://test.subdomain.domain.com, but subsequent pages return a 404 from the server. What are my next steps?
You should put each of two .htaccess files inside their own root CI folder.
Personally, I prefer restricting requested files and/or folders in order to prevent them from being treated by RewriteRule.
So, for the first file which is located at /home/sites/subdomain/www/html/:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteCond $1 !^(index\.php|robots\.txt|favicon\.ico|public)
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
And for the other one is located at /home/sites/subdomain/www/html/app_staging/:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteCond $1 !^(index\.php|robots\.txt|favicon\.ico|public)
RewriteRule ^(.*)$ /app_staging/index.php/$1 [L]
</IfModule>
Note: You must add css and other folders (like public) to RewriteCond if you don’t want them to be treated by RewriteRule.
As a side-note: You might want to prevent directory listing by using the following inside each .htaccess file:
<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>

Codeigniter - removing index.php

I downloaded MyClientBase application which is based on code igniter. After the installation, I looked at the MyClientBase's website but the index.php is still there by default.
I tried to remove the index.php using the tips in codeigniter's user guide but it doesn't work.
Is there any solution out there for this issue? Thank you
I use the following .htaccess file to remove index.php. I'm not sure which one the user guide specifies, but I found this to be working perfectly:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#This last condition enables access to the images and css folders, and the robots.txt file
RewriteCond $1 !^(index\.php|(.*)\.swf|images|robots\.txt|css|docs|cache)
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 /index.php
</IfModule>
Also remove 'index.php' from your config.php file. Good luck!
i don't know if it will help but, i use this to remove my index.php from codeigniter url, create a file named .htaccess and put it to your codeigniter folder.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?/$1 [L]

Rewrite URL to subfolder with multiple APPs

I have multiple CakePHP Projects hosted on same domain and some randoms folders with randons files, for organize I separated APPs on folder, but I have the "main" app that are in site folder, when user access domain it should rewrite URL to /site, my problems are with randoms folders, when I try access domain.com/exist_folder it redirect me to /site.
I dont want to rewrite if file/directory exist on server.
Example of FTP Tree
public_html/
-cakephp (CakePHP Core)/
- ...
-site (CakePHP App)/
- ...
-.htaccess
-webroot/
-.htaccess
-exist_folder/
- whateverfiles.ext
-app1 (CakePHP App)/
- ...
-.htaccess
-webroot/
-.htaccess
-folder1/
-temp/
-images
-videos
-.htaccess
My .htaccess
public_html/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^$ site/ [L]
RewriteRule (.*) site/$1 [L]
</IfModule>
site/.htaccess AND app1/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
site/webroot/.htaccess AND app1/webroot/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
So basically you have some folders which you don't want to pass through Cake's routing and dispatcher. For this, add the following lines in your public_html/.htacess file:
RewriteRule ^(exist_folder).* - [NC,L]
This will allow direct access to the exist_folder which is in root directory. Accessing http://domain.com/exist_folder would be possible after adding this rule.
If you are looking for an automated solution (Your lines: I dont want to rewrite if file/directory exist on server), create a php file which will generate a .htaccess file with above mentioned RewriteRule basing on is_dir(). Whenever you add a folder, run this php file which'll generate a .htaccess with all the exceptions added :)

Resources