Jump to content

capturing unexpected file requests SOLVED with thanks in the final post


niche

Recommended Posts

this is what's in my .htaccess file:

# This folder does not require access over HTTP# (the following directive denies access by default)Order allow,deny

Link to comment
Share on other sites

Guest So Called

IMO you don't need any of that. I suggest replacing it with this code:

RewriteEngine onRewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /

And remember it has to be named .htaccess That kind of file name is annoying to make under Windows because unlike Linux it doesn't like a file name that is only stuff after the dot. I have to shell out to command line and use REN command to make my .htaccess files on Windows 7. When you try to save it Windows might want to add .TXT or simply refuse to name a file without something in front of the dot. I just name it htaccess.txt and then do what I suggested above to rename it to .htaccess It's the kind of stuff that would annoy anybody who isn't used to dealing with .htaccess files and it appears they may be new to you. Under Apache website visitors cannot access or see files that begin with a period. They are used as directive files for Apache and I think for Linux too. Windows just can't handle it. :) At least not without coaxing...

  • Like 1
Link to comment
Share on other sites

Thanks. Will the new code create an error log? Also, what about apache's rewrite_module. It's currently disabled. Will that be an issue?

Edited by niche
Link to comment
Share on other sites

Guest So Called

Apache probably makes a log. (My shared hosting Apache does.) If you want more (I did) you make your own log from your code. I save my logging in a MySQL table but you could also use a flat text file like Apache does. However if you don't make your own log you'll be stuck with whatever Apache logs and nothing more. I like my own log because I can include much much more. Note that if you create your own log in a MySQL table you'll also have to write log viewer code. (Alternatively, there are various log analysis packages for use on Apache logs. I know nothing about them though.) Yes you will have to enable Apache's rewrite module. Just to elaborate on your first question, Apache's log will show your error files (e.g. 404) in the standard log, along with successes (usually 200 code) and other stuff, one line per site access. I don't know if it comes default enabled in your setup.

Link to comment
Share on other sites

I've successfully made the change and enabled rewrite_module. What should I be looking for?

Link to comment
Share on other sites

Guest So Called

You already mentioned the test earlier. Just make up a nonsense file name and enter it in your browser and it should be redirected to your index.php. You can echo $_SERVER['REQUEST_URI] in that file and it should indicate the bad file name even though it's executing from your index.php. With the .htaccess codes we discussed every access to your web root that cannot be satisfied by an existing resource should end up at your index.php.

Link to comment
Share on other sites

This is the only code in my index.php file:

<?phpecho $_SERVER['REQUEST_URI'];?>

... and I got a file not found error instead of an echo. Any ideas?

Edited by niche
Link to comment
Share on other sites

Nice thread.

RewriteEngine onRewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /

Does the above basically mean.. if the requested file name is not a file you have and/or the requested directory is not a directory you have, then go to index.php? (just clarifying; not too familiar with htaccess conditionals) Thanks.

Link to comment
Share on other sites

Guest So Called
This is the only code in my index.php file:
<?phpecho $_SERVER['REQUEST_URI'];?>

... and I got a file not found error instead of an echo. Any ideas?

Well it's not working. Maybe you need some help from a WAMP enthusiast. I got this stuff to working on my LAMP shared hosting account in about 15 minutes, but I didn't have to configure anything. You should make certain that your Windows is not configured to hide file extensions. Windows is so delusional that you can look at your files in Windows Explorer and not see the full file names, or even see all the files that really exist (system files, hidden files). Windows is evil. Keep reading the manual. Maybe somebody else will have a new idea. I don't understand why more people don't get shared hosting accounts (about $5/month). They don't understand why I don't install a localhost server setup.
Nice thread.
RewriteEngine onRewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /

Does the above basically mean.. if the requested file name is not a file you have and/or the requested directory is not a directory you have, then go to index.php? (just clarifying; not too familiar with htaccess conditionals) Thanks.

One line means "if a file not found" and other line means "if a directory not found" and the last line means "if either of the above, rewrite the access to this." In the example above, this "/" means send it to the default index file. Niche, you might try changing that last line to explicitly state your index.php:
RewriteRule . /index.php

Also, your .htaccess is in your root directory, right? And you did get the dothtaccess, right? .htaccess Gawd this stuff is so easy on a shared hosting account...........

  • Like 1
Link to comment
Share on other sites

Success! Very cool So Called. Boen Robot and especially you made this a great topic. You've demystified an important topic for me. Both of you did excellent work to !

Link to comment
Share on other sites

So Called, Is the method above more suggested or would ErrorDocument also suffice(like what you mentioned in post 7)? It seems like they would basically do the same thing, but with ErrorDocument you would have many of these for example in the .htaccess:

ErrorDocument 401 /error_pages/401.htmlErrorDocument 404 /error_pages/404.htmlErrorDocument 500 /error_pages/500.html

Also, with the way you're showing niche, we can also rewrite rule to an error.php(for example), display an error but at the same time log all necessary info about the request? Thanks.

Link to comment
Share on other sites

Guest So Called

I'm curious what you did to solve it. Just for the satisfaction of knowing what the last killed bug was. This is really cool stuff, having ALL of your files (maybe with the exception of images) served from one single index file. You can handle everything there, even scripts, even CSS, even XML (like sitemap.xml) and RSS, even exceptions like errors, and even images if you want although that's probably pushing it. (I like pushing it.) I got these ideas from working on and dissecting GPL forum software and same when I was playing with WordPress (which works about the same as my suggestions here). I suspect a lot of other CDS softwares work on similar principles. They often use the same platform, LAMP, and having the same tools applied to the same job (delivering content) often results in the same solutions. I hope you'll post in the future if you carry this concept forward and write a serious website using the idea of routing all your traffic through one gateway index.php script, and then "including" other scripts as appropriate to the request. This allows your code to be separated out into individual files of reasonable size, so that they're easy to understand and easy to maintain. And AFAIK everybody who uses WAMP will eventually migrate to LAMP. WAMP is a development platform. LAMP powers much of the Internet.

Edited by So Called
Link to comment
Share on other sites

Guest So Called
So Called, Is the method above more suggested or would ErrorDocument also suffice(like what you mentioned in post 7)? It seems like they would basically do the same thing, but with ErrorDocument you would have many of these for example in the .htaccess:
ErrorDocument 401 /error_pages/401.htmlErrorDocument 404 /error_pages/404.htmlErrorDocument 500 /error_pages/500.html

Also, with the way you're showing niche, we can also rewrite rule to an error.php(for example), display an error but at the same time log all necessary info about the request? Thanks.

I must have missed this post which you probably posted while I was writing my reply. You can redirect the -f and -d to any file you like. It will have to be a script if you want your own log. Apache makes its own log also. I have both ErrorDocument and the rewrite we're discussing. I think it's overly-optimistic to expect to catch all those errors in real life. For example, when Apache throws up its hands and fails out it sends a 500 error to the visitor, but I've never caught one of those errors in my script. I think Apache quits executing scripts when it gets a 500 error. Maybe it might call an HTML error document but I somehow doubt it. I'm not any authority on Apache or PHP, or mod_rewrite for that matter. All I know about is what I did in my code to make things work. I'm sure I have code that doesn't work but doesn't fail either because it's never called. Like the ErrorDocument 500 thing. But the good news is that the 404 stuff works fine. In fact I bet either way would get the job done.
Link to comment
Share on other sites

Guest So Called
Success! Very cool So Called. Boen Robot and especially you made this a great topic. You've demystified an important topic for me. Both of you did excellent work to !
So how did you fix it? I haven't been able to find your reply indicating what finally solved it for you.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...