Default .htaccess (in User Guide) can conflict with controllers #684

Closed
svivian opened this issue Nov 20, 2011 · 6 comments

@svivian

svivian commented Nov 20, 2011

The RewriteCond line of the sample .htaccess file is incorrect. The line is:

    RewriteCond $1 !^(index\.php|images|robots\.txt)

However, if you have a controller that starts with "images" (or any other folder you happen to add to the line), opening the appropriate URL bypasses CI and the server returns a 404 Not Found error. I had this when I added my "js" (JavaScript) folder to the list, but then created a Json controller.

The current one blocks many common files such as favicon.ico, sitemaps, webmaster tools verification files and more. It even blocks the CI user guide! Here's a simplified version of what I'm using that solved the problem:

    RewriteCond $1 !^(([^/]+\.[^/]+)|images/|user_guide/)

The first part checks for any file with a dot in it, then for folders, specifically ending with /. Hope this helps :)

@Repox
Contributor

Repox commented Nov 21, 2011

I use the following mod_rewrite for my solutions:

    RewriteEngine On 
    RewriteCond %{REQUEST_FILENAME} !-f 
    RewriteCond %{REQUEST_FILENAME} !-d 
    RewriteRule ^(.*)$ /index.php/$1 [L]

I haven't had any issues with this so far, so maybe this could be a better solution?

@jwalton512

I use the above or similar.

@wildlyinaccurate

While convenient, that solution could leave some files visible to the public. It's much more secure to explicitly allow access to directories or files.

You would hope that developers are smart enough to figure out when their controller names are conflicting with directories of the same name.

@Repox
Contributor

Repox commented Nov 22, 2011

I'm inclined to agree with you, yet many developers starting with CI are subject to a lot of suggestions and some do not have a basic understanding of rewriting URLs; that's my experience with questions regarding CI and rewrite rules on SO, just to mention a well-known forum.

As far as I'm concerned, the suggestion in the user guide is nothing but a suggestion and should not be considered as being the only solution for removing index.php. I believe that starting with CI, a convenient solution is preferred, as security can be obtained in other (and better) ways.

Initially, when setting up an empty CI, no .htaccess is included, which means that all files and folders are 'open to the public' anyway, which means that with our convenient solution, you are no worse off from where you started.

Altering the rewrite rules to suit your needs later on is always a possibility, but for new users (with no rewrite experience) this could be a more flexible solution.

@svivian
Author

svivian commented Nov 23, 2011

> You would hope that developers are smart enough to figure out when their controller names are conflicting with directories of the same name.

The error doesn't come when controllers have the same name as folders on your system - it happens when part of the controller name matches a folder. For example an images folder with a controller ImageShow, or my js & JSON example above. I'm a seasoned developer (10+ years in PHP, over a year in CodeIgniter) and it still took me a good while to figure out it was an htaccess problem.

Repox's solution looks like the best one. It doesn't leave files "visible to the public" since there is already a separate .htaccess under the application and system folders that protects those.

@ericlbarnes
Contributor

Since this has been pulled I will go ahead and close this out.
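
Added example (not part of the thread or of CodeIgniter's own code): a Python model of the three rules discussed above, run over constructed request paths, showing the prefix match that sends `imageshow/...` past CI and which existing files each rule lets the web server serve directly. It assumes `$1` is the request path without a leading slash, as in `.htaccess` context; the document-root contents are made up, and Python's `re` stands in for mod_rewrite's regex engine.

```python
import re

# Patterns copied from the thread. Assumption: mod_rewrite tests them against
# $1, the request path without a leading slash (per-directory .htaccess context).
USER_GUIDE = re.compile(r"^(index\.php|images|robots\.txt)")
SVIVIAN = re.compile(r"^(([^/]+\.[^/]+)|images/|user_guide/)")

# Constructed document root for illustration (not from the thread).
FILES = {"index.php", "robots.txt", "favicon.ico", "images/logo.png", "notes.txt"}
DIRS = {"images", "user_guide"}


def via_allowlist(pattern, path):
    """RewriteCond $1 !^(...): rewrite to index.php unless the pattern matches."""
    return "direct" if pattern.search(path) else "front-controller"


def via_file_check(path):
    """RewriteCond %{REQUEST_FILENAME} !-f and !-d: rewrite unless it exists on disk."""
    exists = path in FILES or path.rstrip("/") in DIRS
    return "direct" if exists else "front-controller"


def compare(paths):
    """Return {path: (user guide rule, svivian's rule, Repox's rule)}."""
    return {
        p: (via_allowlist(USER_GUIDE, p), via_allowlist(SVIVIAN, p), via_file_check(p))
        for p in paths
    }


if __name__ == "__main__":
    sample = [
        "imageshow/view/3",  # controller whose name starts with "images"
        "images/logo.png",   # static asset that should be served directly
        "favicon.ico",       # common root file absent from the user guide list
        "notes.txt",         # stray file left in the document root
        "welcome/index",     # ordinary controller route
        "user_guide/",       # directory absent from the user guide list
    ]
    for path, (guide, svivian, repox) in compare(sample).items():
        print(f"{path:18} guide={guide:17} svivian={svivian:17} repox={repox}")
```

A `direct` result for a path that does not exist on disk is the 404 described in the issue; a `direct` result for `notes.txt` is the exposure raised against the `-f`/`-d` approach, which svivian's dot pattern shares for files in the root.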
