New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Default .htaccess (in User Guide) can conflict with controllers #684
Comments
I use the following mod_rewrite for my solutions:
I haven't had any issues with this so far, so maybe this could be a better solution? |
i use the above or similar |
While convenient, that solution could leave some files visible to the public. It's much more secure to explicitly allow access to directories or files. You would hope that developers are smart enough to figure out when their controller names are conflicting with directories of the same name. |
I'm inclined to agree with you, yet many developers starting with CI is subject to a lot of suggestions and some does not have basic understanding of rewriting URLs; thats my experience with questions regarding CI and rewrite rules on SO just to mention a well known forum. As far as I'm concerned, the suggestion in the user guide, is nothing but a suggestion and should not be considered as being the only solution for removing index.php. I believe that starting with CI, a convenient solution is prefered, as security can be obtained in other (and better) ways. Initially, when setting up an empty CI, no .htaccess is included which means that all files and folders are 'open to the public' anyway, which means that with our convenient solution, you are no worse off from where you started. Altering the rewrite rules to suit your needs later on, is always a possibility, but for new users (with no rewrite experince) this could be a more flexible solution. |
The error doesn't come when controllers have the same name as folders on your system - it happens when part of the controller name matches a folder. For example an Repox's solution looks like the best one. It doesn't leave files "visible to the public" since there is already a separate |
Since this has been pulled I will go ahead and close this out. |
The
RewriteCond
line of the sample.htaccess
file is incorrect. The line is:However, if you have a controller that starts with "images" (or any other folder you happen to add to the line), opening the appropriate URL bypasses CI and the server returns a 404 Not Found error. I had this when I added my "js" (Javascript) folder to the list, but then created a Json controller.
The current one blocks many common files such as favicon.ico, sitemaps, webmaster tools verification files and more. It even blocks the CI user guide! Here's a simplified version of what I'm using that solved the problem:
The first part checks for any file with a dot in it, then for folders, specifically ending with
/
. Hope this helps :)The text was updated successfully, but these errors were encountered: