.htaccess help - Joomla! Forum - community, help and support
hi, need .htaccess file..
above default .htaccess file ships joomla... using extension less url (e.g. http://www.website.com/somerequest) website...and http request(404 error) failing me when last word in url contain dot(.) character(e.g. http://www.website.com/some.request). if comment below line default joomla .htaccess file request reaching joomla , works fine me...
#rewritecond %{request_uri} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [nc]
my question there security issue if comment out above line? there other way solve problem?
code: select all
##
# @version $id: htaccess.txt 10492 2008-07-02 06:38:28z ircmaxell $
# @package joomla
# @copyright copyright (c) 2005 - 2008 open source matters. rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html gnu/gpl
# joomla! free software
##
#####################################################
# read if choose use file
#
# line below section: 'options +followsymlinks' may cause problems
# server configurations. required use of mod_rewrite, may already
# set server administrator in way dissallows changing in
# .htaccess file. if using causes server error out, comment out (add # to
# beginning of line), reload site in browser , test sef url's. if work,
# has been set server administrator , not need set here.
#
#####################################################
## can commented out if causes errors, see notes above.
options +followsymlinks
#
# mod_rewrite in use
rewriteengine on
########## begin - rewrite rules block out common exploits
## if experience problems on site block out operations listed below
## attempts block common type of exploit `attempts` joomla!
#
# block out script trying set mosconfig value through url
rewritecond %{query_string} mosconfig_[a-za-z_]{1,21}(=|\%3d) [or]
# block out script trying base64_encode crap send via url
rewritecond %{query_string} base64_encode.*\(.*\) [or]
# block out script includes <script> tag in url
rewritecond %{query_string} (\<|%3c).*script.*(\>|%3e) [nc,or]
# block out script trying set php globals variable via url
rewritecond %{query_string} globals(=|\[|\%[0-9a-z]{0,2}) [or]
# block out script trying modify _request variable via url
rewritecond %{query_string} _request(=|\[|\%[0-9a-z]{0,2})
# send blocked request homepage 403 forbidden error!
rewriterule ^(.*)$ index.php [f,l]
#
########## end - rewrite rules block out common exploits
# uncomment following line if webserver's url
# not directly related physical file paths.
# update joomla! directory (just / root)
#rewritebase /
########## begin - joomla! core sef section
#
rewritecond %{request_filename} !-f
rewritecond %{request_filename} !-d
rewritecond %{request_uri} !^/index.php
#rewritecond %{request_uri} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [nc]
rewriterule (.*) index.php
rewriterule .* - [e=http_authorization:%{http:authorization},l]
#
########## end - joomla! core sef section
above default .htaccess file ships joomla... using extension less url (e.g. http://www.website.com/somerequest) website...and http request(404 error) failing me when last word in url contain dot(.) character(e.g. http://www.website.com/some.request). if comment below line default joomla .htaccess file request reaching joomla , works fine me...
#rewritecond %{request_uri} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [nc]
my question there security issue if comment out above line? there other way solve problem?
your webserver thinks asking .request file... there no such thing.
you can have "." in subdomain... can't use trying do
you can have "." in subdomain... can't use trying do
Comments
Post a Comment