I am trying to fix or change some routes that appear in the url prepared with .htaccess that should either not be complete or even prevent certain content from being displayed if the user enters some of these.
I am doing it as follows:
Index.php
<?php
/*=============================================
DYNAMIC CONTENT
=============================================*/
$rutas = array();
$ruta = null;
if(isset($_GET["ruta"])){
    $rutas = explode("/", $_GET["ruta"]);
    /*=============================================
    WHITELIST OF FRIENDLY URLS
    =============================================*/
    if($rutas[0] == "inicio" || $rutas[0] == "contacto"){
        include $rutas[0].".php";
    }else{
        header('Location: inicio');
    }
}else{
    include "inicio.php";
}
?>
htaccess
# Prevent the contents of a directory from being listed
Options All -Indexes
RewriteEngine On
RewriteBase /
RewriteRule ^([-a-zA-Z0-9ñÑ_/]+)$ index.php?ruta=$1
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://midominio.com/$1 [R=301,L]
# Redirect the www URL to the non-www address
RewriteCond %{HTTP_HOST} ^www.midominio.com
RewriteRule ^(.*)$ https://midominio.com/$1 [R=301,L]
So far, what I have achieved is that when the user puts in the url or the full domain or one of the two words on the white list such as "home" or "contact" the content loads correctly, for example like this:
And if, for example, a person writes another word that is not one of those on the white list, it redirects to home, example:
https://mydomain.com/something -> https://mydomain.com/
So far so good, however I see several errors that should not occur or at least I don't know how to avoid for now, for example:
1- If the user adds a trailing slash "/" and writes https://mydomain.com/home/ the domain loads without its style sheet, so here, should I apply a redirect to the route without "/" ?
2- If the user writes or adds a disallowed character such as "." for example https://mydomain.com/home . it shows me a directory of available options and documents
Multiple Choices. The document name you requested (/start.) could not be found on this server. However, we found documents with names similar to the one you requested. Available documents: /start.php (common basename)
Do I also have to avoid it here with a 301 redirect?
3- If the user tries to see a directory, for example the images directory https://mydomain.com/images , instead of avoiding it and redirecting to home, it gives me a redirection error
This page does not work The page mydomain.com has redirected you too many times. Delete cookies. ERR_TOO_MANY_REDIRECTS
4- If the user writes https://midominio.com/contacto?ruta=contacto or https://midominio.com/index.php?ruta=inicio/ they load correctly; however, I would like the URL to show at most https://mydomain.com/home or https://mydomain.com/contact
5- If the user types https://mydomain.com/index.php it loads perfectly; however, I would like to see how to make the "php" extension not appear, nor the word index. Here I have tried several options with RewriteCond and RewriteRule but they don't work for me either.
In general, what could you add or remove from the current configuration?
EDIT The new index.php changed.
The new htaccess file looks like this for now
# -- Prevent the contents of a directory from being listed
Options -Indexes
RewriteEngine On
RewriteBase /
# -- Remove the .php extension
RewriteCond %{THE_REQUEST} ^.*/index\.php
RewriteRule ^(.*)index.php$ https://midominio.com/ [R=301,L]
# The rest of the rules go below
# -- Redirect the URL to https
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^(.*)$ https://midominio.com/$1 [R=301,L]
# -- Redirect the www URL to the non-www address
RewriteCond %{HTTP_HOST} ^www.midominio.com
RewriteRule ^(.*)$ https://midominio.com/$1 [R=301,L]
# -- File does not exist (!-f), directory does not exist (!-d)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
ErrorDocument 404 /error404.php
ErrorDocument 403 /error403.php
RewriteRule ^([-a-zA-Z0-9ñÑ_/.]+)$ index.php?ruta=$1
Fixed
1- The issue of the trailing slash "/" in the URL, where certain style sheets, images, etc. are not displayed: I have changed it by adding the absolute path and applying it to each img and css, and that fixed it. css/style.css">
2- If the user writes or adds a disallowed character such as "." for example https://mydomain.com/home . it shows me a directory of available options and documents (I added the character "." and so it doesn't give that error -> RewriteRule ^([-a-zA-Z0-9ñÑ_/.]+)$ index.php?ruta=$1)
3- If the user tries to see a directory, for example the images directory https://mydomain.com/img , instead of avoiding it and redirecting to home, it gives me a redirection error. Now it gives me a 403 error and I show the new 403.php file
Pending
4- If the user writes https://mydomain.com/index.php?ruta=start/ it loads correctly to the main route, however https://mydomain.com/contacto?ruta=contacto remains in the URL
Can it be avoided with the current htaccess or is it still pending from the index.php?
5- If the user writes https://mydomain.com/index.php it loads perfectly to the main route without php, but if I load contact.php or even add more links like gallery.php, who-we-are.php etc etc
Should I add a new redirection in htaccess for each .php file to redirect or can it be done from php with an array always inside the white routes that I add?
Don't list directory content; change your rule by removing All:
To prevent it from opening index.php, do not include additional parameters ($1), just take it to the root of the site:
Redirect any '/route.php' to '/route', removing the extension
Your rule to only use the paths you want should go at the end, and only if it's a file or directory that doesn't exist; otherwise even images, CSS, JS and directories you need will be redirected and of course you'll get the ERR_TOO_MANY_REDIRECTS error:
I recommend you use an array to check the paths:
Summary of your problems:
/. and directory contents are listed: This should be fixed by the first code in this answer.
index.php to the root of the domain.
There are still some validations to be done, like checking if there are more parameters than you need or unexpected characters in the URL: ?, &, but you have a good starting point.
By the way, the $rutas array will also help you to generate menus, for example:
Edit:
Above I added the option to prevent them from going directly to contact.php or who-we-are.php and lead to /contact or /who-we-are.
As for the question mark ?, I don't know how convenient it is to avoid it, because you won't be able to do GET requests, but you can try this (before the .php rules):
I haven't tried it, so you'll have to tell us how it goes.
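One way to implement the array-based whitelist and the remaining URL checks the answer mentions (trailing slash or dot, extra segments, a stray `?ruta=` in the address bar), as an added example that is not the answerer's code. It assumes the site is served from the domain root and that the question's RewriteRule fills `ruta`; `ROUTES` and `resolveRoute()` are hypothetical names.

```php
<?php
// Added example (not from the original post). ROUTES and resolveRoute()
// are hypothetical names; route and file names come from the question.

// Whitelist: public route => file to include. The included file name is
// read from this table and is never built from user input.
const ROUTES = [
    'inicio'   => 'inicio.php',
    'contacto' => 'contacto.php',
];

// Returns [action, target, status]: action is 'include' or 'redirect'.
function resolveRoute($ruta, string $requestUri): array
{
    // ?ruta[]=x arrives as an array: treat any non-string as unknown.
    if ($ruta !== null && !is_string($ruta)) {
        return ['redirect', '/', 302];
    }
    // Site root: no route was captured by the RewriteRule.
    if ($ruta === null || $ruta === '') {
        return ['include', ROUTES['inicio'], 200];
    }
    // Tolerate "contacto/" and "contacto." by trimming before the lookup.
    $clean = rtrim($ruta, '/.');
    // Unknown name, extra segments ("inicio/x") or traversal ("../x").
    if (!array_key_exists($clean, ROUTES)) {
        return ['redirect', '/', 302];
    }
    // Known route written another way ("/contacto/",
    // "/contacto?ruta=contacto", "/index.php?ruta=contacto"):
    // send the browser to the single canonical URL.
    if ($requestUri !== '/' . $clean) {
        return ['redirect', '/' . $clean, 301];
    }
    return ['include', ROUTES[$clean], 200];
}

// Dispatch only under a web server, so the function can be tried from the CLI.
if (PHP_SAPI !== 'cli') {
    [$action, $target, $status] = resolveRoute(
        $_GET['ruta'] ?? null,
        $_SERVER['REQUEST_URI'] ?? '/'
    );
    if ($action === 'redirect') {
        header('Location: ' . $target, true, $status);
        exit;
    }
    include __DIR__ . '/' . $target;
}
```

Because the canonical check compares the whole request URI, any query string on a known route is dropped by the redirect, which is the trade-off the answer points out about GET requests.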