Some days back I published an article about SQL Injection, and it contained only a very small discussion of the .htaccess file. After lots of requests I am publishing this article on adding more security to your PHP application using the .htaccess file.
In this tutorial I want to explain hiding .php extensions and URL rewriting, so you can improve the security and quality of your web projects.
Making the .htaccess file
Very simple: open any editor like Notepad and use "Save As", giving the file name .htaccess inside double quotation marks (".htaccess"). You have to upload this file to the root folder of your hosting. In my experience the .htaccess file is supported only on Unix-based servers.
Download Sample .htaccess File
Hide .php extension with URL Rewriting
For example, suppose we want our project to have URLs like the Twitter API (note: the Twitter API is developed in Ruby on Rails).
Add the following code to your .htaccess file. The conditions make sure the rule only fires for a request that is not an existing file or folder and for which a matching .php file exists; without them the rule rewrites its own output (index.php becomes index.php.php and so on) and Apache answers with a 500 error.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [L]
We can also rewrite index.php to index.html, index.asp, index.sri and so on.
Below is the code for index.php to index.html:
RewriteEngine on
RewriteRule ^(.*)\.html$ $1.php
If you want the .asp extension, just replace html with asp:
RewriteRule ^(.*)\.asp$ $1.php
Redirecting www URL to non www URL
If you type www.twitter.com in the browser, it will be redirected to twitter.com.
Add the following code (the dots in the host name are escaped so they match literally, and [NC] makes the host check case-insensitive):
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.srinivas\.com$ [NC]
RewriteRule ^(.*)$ http://srinivas.com/$1 [R=301,L]
Rewriting 'site.com/profile.php?username=foxscan' to 'site.com/foxscan'
My Twitter profile is http://twitter.com/foxscan. Its original link passes GET values (http://twitter.com/profile.php?username=foxscan), but that URL is ugly in the browser address bar, so for user friendliness we can change it like this.
If you want to change it like this, see the code below. The two conditions keep real files and folders (your CSS, images, other pages) out of the rule, so only unknown single-segment paths are sent to profile.php:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z0-9_-]+)$ profile.php?username=$1 [L]
RewriteRule ^([a-zA-Z0-9_-]+)/$ profile.php?username=$1 [L]
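Two rules on this page depend on their guard conditions, and the comments below show what happens without them: the extension-hiding rule ^(.*)$ to $1.php, run with no RewriteCond, rewrites its own output (index, then index.php, then index.php.php) until Apache stops with a 500 error, and the profile rule without a directory check also captures real folders such as an image directory. The Python below is an added example, not code from this post or from its sample .htaccess file. It is a deliberately small model (an assumption, not mod_rewrite itself) of how Apache processes a .htaccess rule set: rules are tried in order, every rewrite triggers an internal redirect that runs the whole set again until the path stops changing, and Apache's default limit of 10 internal redirects ends a runaway loop. The files and folders are a constructed stand-in for the hosting root. It runs the post's rules in their unguarded form beside the same rules guarded by file and directory checks. Note that the rewrite never validates the captured value: profile.php still receives username through $_GET exactly as with the ?username= form, so it must treat that value as untrusted input.

```python
import re

# Constructed stand-in for the hosting root (assumption): the files and folders
# that exist on disk, which is what mod_rewrite's -f and -d tests inspect.
EXISTING_FILES = {"index.php", "profile.php", "style.css"}
EXISTING_DIRS = {"image"}

# Apache's default LimitInternalRecursion: after this many internal
# redirects the request fails with a 500 error.
MAX_INTERNAL_REDIRECTS = 10


class RewriteLoop(Exception):
    """Raised when the rules never reach a stable URL (Apache answers 500)."""


def not_file(path):         # RewriteCond %{REQUEST_FILENAME} !-f
    return path not in EXISTING_FILES


def not_dir(path):          # RewriteCond %{REQUEST_FILENAME} !-d
    return path not in EXISTING_DIRS


def php_twin_exists(path):  # RewriteCond %{REQUEST_FILENAME}.php -f
    return path + ".php" in EXISTING_FILES


class Rule:
    """One RewriteRule together with the RewriteCond lines that precede it."""

    def __init__(self, pattern, target, conds=(), flags=()):
        self.pattern = re.compile(pattern)
        # mod_rewrite writes back-references as $1; Python's expand() wants \1.
        self.target = re.sub(r"\$(\d)", r"\\\1", target)
        self.conds = conds
        self.flags = flags


def rewrite(path, rules):
    """Simulate per-directory (.htaccess) processing of one request path.

    Returns (final_path, query_string). As in Apache, each rewrite causes an
    internal redirect that re-runs the whole rule set, until the path stops
    changing or the recursion limit is reached.
    """
    query = ""
    for _ in range(MAX_INTERNAL_REDIRECTS):
        start = path
        for rule in rules:
            match = rule.pattern.search(path)
            if not match or not all(cond(path) for cond in rule.conds):
                continue
            new = match.expand(rule.target)
            # A substitution containing "?" replaces the query string.
            path, sep, query_part = new.partition("?")
            if sep:
                query = query_part
            if "L" in rule.flags:
                break           # [L] ends this pass; the next pass still runs
        if path == start:
            return path, query
    raise RewriteLoop(f"{path!r} never stabilised")


def loops(path, rules):
    """True if the rule set sends this request into a 500 redirect loop."""
    try:
        rewrite(path, rules)
    except RewriteLoop:
        return True
    return False


# The post's two rules in their unguarded form: no conditions, no [L].
NAIVE_RULES = [
    Rule(r"^(.*)$", r"$1.php"),
    Rule(r"^([a-zA-Z0-9_-]+)$", r"profile.php?username=$1"),
]

# The same rules guarded so that real files and folders are left alone.
GUARDED_RULES = [
    Rule(r"^(.*)$", r"$1.php",
         conds=(not_file, not_dir, php_twin_exists), flags=("L",)),
    Rule(r"^([a-zA-Z0-9_-]+)/?$", r"profile.php?username=$1",
         conds=(not_file, not_dir), flags=("L",)),
]

# The profile rule alone and unguarded: shows the "image" folder collision.
UNGUARDED_PROFILE = [Rule(r"^([a-zA-Z0-9_-]+)$", r"profile.php?username=$1")]


if __name__ == "__main__":
    for req in ("index", "foxscan", "style.css", "image"):
        verdict = "500 loop" if loops(req, NAIVE_RULES) else rewrite(req, NAIVE_RULES)
        print(f"naive   {req:10} -> {verdict}")
        print(f"guarded {req:10} -> {rewrite(req, GUARDED_RULES)}")
    print("unguarded profile rule, 'image' ->", rewrite("image", UNGUARDED_PROFILE))
```

Running it shows every request looping under the unguarded rules, while the guarded set sends index to index.php, foxscan (with or without a trailing slash) to profile.php with username=foxscan, and leaves style.css and the image folder untouched; the profile rule on its own happily turns the image folder into a profile lookup, which is the collision a reader asks about in the comments.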
If you have any suggestions, post a comment.
Good, but you should put it into the Apache conf for speed; the .htaccess gets read on each request and must be parsed each time.
I am curious how this method improves security? It makes for a cleaner application, but does not make your application any safer.
I suppose in some ways masking what file extension you're using, thereby masking what language you're using, helps to throw would-be attackers off your tracks. I agree though, these are just general tips and tricks. A good read for sure, but not a lot to do with security.
How about adding
php_flag register_globals 0
php_flag allow_url_fopen 0
to improve security.
Any more along these lines?
Nice article on .htaccess usage. It is really helpful to make your site cleaner, but there is nothing for security. Anyway, thanks.
Friend,
You gave a nice explanation, but my problem is that my server returns error 500 when I'm using this .htaccess. What could be the reason? Do I need to save my .php files as .asp when I'm using rewriting?
@studyphotoshopinmalayalam
500 Internal Server: it's not your fault. If you upload or delete .htaccess or any server files more than 5 times, this 500 page will appear.
Solution: immediately take a back-up, delete all the files on the server (no subfolders in htdocs) and freshly upload.
Good tutorial Srinivas.
@ Wim
Thank you.
It's a good tutorial.. Using this I could make my URL http://ssss.com/japan,
but can you please tell me how to pass 2 parameters, like http://ssss.com/japan/tokio?
@ram :
RewriteRule ^japan/?([a-zA-Z0-9]+)?/?([0-9]+)?/?$ /japan.php?adid=$1&pid=$2
@Kristoffer Nilsen
Thank you. It's helpful.
Great post.... I'll try it out today...
Very nice post !!
Can I do something like:
http://someHost:8888/someApp?param1=1&param2=2
to
http://someOtherHost/someOtherApp?param1=1&param2=2
I tried your tutorial in many ways, but no luck; I could not get it to work. Still having a problem with the pretty URL. Can you help me turn the URL below into a clean URL please?
http://freedomoclock.org/movies.php?cat=Animation
like --> http://freedomoclock.org/Animation/
Thanks so much Srinivas, you're so kind :)
Thank you very much!
You don't need to use rewrite to change the extension of php or any extension to another ext.
Just use this.
AddType application/x-httpd-php .whateveryouwant
I use file extensions like index.php, admissions.php etc. on the server. But I want to display them in the URL as index/ and admissions/ etc. And when the user types index.php, then the error "page not found" comes.
Please give a reply as soon as possible.
Hey Srinivas,
If there is a folder called "image" in my main folder, how do I use this?
Ex:
this is my image folder
www.mydomain.com/image
If I create a username called "image", how do I ignore the image folder?
@supun
You have to restrict some words like "image", "help", "blog", "admin".... during user registration. For admin use
I'm using Win-XP with Zend Server... htaccess doesn't work... what to do.. I test it on localhost....
Love this tutorial, helped me a lot :)
Hi Anonymous..!!!
RewriteEngine On
RewriteRule ^([^_]*)$ /movies.php?cat=$1 [L]
Awesome tut :):) I'm benefitted :)
Nice! Fantastic...
Hi Srinivas,
How do I pass a URL like test.php?id=1000 with the GET method? Then how do I create this URL in the htaccess file?
With the GET method, how do I hide the php extension in htaccess?
Thank you Srinivas garu, very valuable information
.htaccess does not work on localhost
Hi Srinivas,
Can I use htaccess like
www.example.com/demo to www.demo.example.com
Is it possible?
Thanks for the tutorial on the htaccess file..
I downloaded the .htaccess file and put it in the directory where I keep my project, but it doesn't rewrite my file URL. Please help me!!!
Thank you for the tutorial..
Thank you for this post.
Can you please tell me how it works on localhost?
Hi Srinivas,
Whenever the user enters index.php or index.html, both of them open.
I need only index.php.
When the user enters index.php, it redirects to index.html.
Please help me.
Thank you for this post.
But I want to ask: is the 'username' field in the URL a database field?
I am still confused about passing a variable in the URL without its name... I want to display only the value..
Thanks
Thank you
Hi, thanks for sharing this amazing and great tip. This is a great security tip which works for me.
Thanks
RewriteRule ^details/([a-zA-Z0-9_-]+)$ details.php?id=$1
RewriteRule ^details/([a-zA-Z0-9_-]+)/$ details.php?id=$1
URL like this: http://localhost/myproject/details/10
The output comes, but my project CSS breaks...
Please reply with some suggestion.
Please maintain the base URL for CSS.
But how can I maintain the CSS base URL... please refer me to some code.
I got the solution Srinivas...
In the head tag use the base tag like this... my project CSS works fine:
<base href="http://localhost/myproject/" />
The above file doesn't work on my website; what do I do.. please guide.
Enable the mod_rewrite extension or use XAMPP 1.8.3
Hello!
I noticed that when I used the code, all the other pages on the website could not appear.
Any help on limiting this to only the profile page whilst other pages can be displayed as well?
Thanks buddy. It was an awesome read.