Page 1 of 1

Preventing DIRECT access to files

Posted: Wed Sep 19, 2007 8:45 am
by kkonline
I am using mod rewrite rules for redirecting. An example of the rule is as below

Code: Select all

RewriteRule ^/?(1)/([0-9]+)/([0-9]+)/([a-zA-Z])$ dir/index.php?sid=$1&catid=$2&page=$3&alphabet=$4
Now someone who knows that there exists a folder dir can write
example.com/dir/index.php access the file although it requires sid, catid, page and alphabet as a must. I want to prohibit this.

writing example.com/dir/index.php should give a notice "wrong url come thru proper redirection" but example.com/1/1/1/ should redirect to correct path without any errors. How to do this??

Posted: Wed Sep 19, 2007 8:58 am
by superdezign
Using "RewriteCond" and "-f" (file exists) or "-d" (directory exists) should help you out. You may want to restrict it to certain file types because it also counts for images and such.

Posted: Wed Sep 19, 2007 9:01 am
by kkonline
superdezign wrote:Using "RewriteCond" and "-f" (file exists) or "-d" (directory exists) should help you out. You may want to restrict it to certain file types because it also counts for images and such.
Can you quote a small example in what way it will be helpful. What will happen if someone write mysite.com/dir/index.php ???

Re: Preventing DIRECT access to files

Posted: Wed Sep 19, 2007 9:12 am
by stereofrog
kkonline wrote: Now someone who knows that there exists a folder dir can write
example.com/dir/index.php access the file although it requires sid, catid, page and alphabet as a must. I want to prohibit this.
In index.php, compare REQUEST_URI and SCRIPT_NAME and raise an error in they match.
This doesn't free you from checking input parameters.

Posted: Wed Sep 19, 2007 10:07 am
by feyd
Mod_rewrite questions have nothing to do with PHP Code per se. Therefore this is moved to Installation.