Home Web security, .htaccess and upcoming router
Reply: 0

Web security, .htaccess and upcoming router

Derk Jan Speelman
1#
Derk Jan Speelman Published in 2017-12-06 14:25:08Z

So I'm trying to build a router, but before I do that I really need to know my .htaccess better.

I want to be able to control all paths filled in by my users. If I have some files in www.example.com/config/, I don't want users to find out I have files there. Also, files in folders like these are accessible which is not what I want, but I don't know how to fix that. I only have one folder that should be accessible to users: /public.

index.php:

var_dump($_GET['url']);

.htaccess:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect to HTTPS...
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)$ index.php?url=$1 [QSA,L] [L]
</IfModule>

Now, my index.php says this: string(9) "403.shtml", when the URL is: www.example.com/config/. While it actually should be /config/, right?

Or should I handle this entirely differently? Let me know. Maybe not using $_GET['url'], but $_SERVER['REQUEST_URI'], again: I don't know if that bad or good practice.

Note: I'm not running on nginx, so I can't setup a virtualHost.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.351318 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO