Changing .php files to .xxx and accessing it

[d.shankar]

Hi all,

 

I have more than 200 php files in my webserver.. index.php,profile.php,stats.php,etc..........

 

Now i need to access these files with the .xxx extension.

 

if the user requests for www.mysite.com/profile.xxx , the profile page should be loaded..

 

I dont have access to my http.conf , so i have added these changes in my .htaccess

AddType application/x-httpd-php .xxx

 

But it is really not feasible to change all my .php filenames to .xxx

 

Is there any way to do this ?

[genericnumber1]

I'd suspect mod_rewrite would do it for apache, but I've never been good at it, so I'll pass the ball on to someone else. You can try googling it though, you might be able to find something.

[Fadion]

As suggested by the previous poster, mod_rewrite should do it for you. You can define manually which urls must be rewritten like (profile.php >> profile.html) if u dont want all the files changed. This guide helped me get the basics of mod_rewrite when i wanted to seo my urls.

 

EDIT: Im definitely not a mod_rewrite guy and pretty new to this. Just wanted also to post a line which u can use to convert somepage.php to somepage.html. Hope this helps:

 

RewriteRule ^index\.html$ /index.php
RewriteRule ^profile\.html$ /profile.php

 

The same concept can be used for other files and even other extensions.

[d.shankar]

Do i have to rename each and every 200 php files with .xxx extension ?

[genericnumber1]

You could do automatic renaming with a program, or tell mod_rewrite to change all requests for .xxx files do a server-side rewrite to .php files.... it would allow you to keep the files (and scripts) with .php extensions but also have your visitor type yourpage.xxx.

 

eg. a request for index.xxx really be a request for index.php

 

[d.shankar]

:'( Most of the site links will be broken if i try to rename my files. I want to do it without renaming them.

 

Can it be done  ?

 

[genericnumber1]

I'm going to take a shot at this, but this will probably not work...

 

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*).xxx$ $1.php [QSA,L]
RewriteRule ^/$ index.xxx
</IfModule>

 

Put that in your .htaccess file in your htdocs folder. That PROBABLY won't work because it's just a splice from the mod_rewrite I use, but it's worth looking into.

 

It also makes index.xxx your default index file.

[d.shankar]

No generic it didnt work

 

I added this to .htaccess it redirects any .php file to .xxx

 

RedirectMatch 301 ^/(.*)\.php$ http://www.mysite.com/$1.xxx

 

The problem is that i have to rename all my files... i cant get better than this

[genericnumber1]

There is some way to do it, unfortunately it seems like no one that knows mod_rewrite really well is on...

 

try this instead of what I posted before... (and remove that redirect you posted a sec ago of course)

 

RewriteEngine on
RewriteRule ^(.*)\.xxx $1\.php 

 

or

 

Options +FollowSymLinks
RewriteEngine On
RewriteRule ^([^.]+).xxx$ /$1.php [QSA,L]

 

then visit a page... like index.xxx (when you have a file named index.php in that dir)

 

one of those SHOULD work

 

EDIT: ps. all of this was very slightly modified from the things found

http://forums.digitalpoint.com/showthread.php?t=5801 <== here

 

there are a few more mod_rewrites there you can try if the ones above don't work for you, just replace .html with .xxx

[GingerRobot]

Indeed. You want to be rewriting .xxx to .php. However, you're still going to have .php appearing in the url for every link a user clicks, unless you intend to go through every page changing all the links.

 

The obvious question: why bother?

[genericnumber1]

The obvious question: why bother?

 

Ironically enough, I really never ask these questions.... even in my head. I probably should.

[d.shankar]

you're still going to have .php appearing in the url for every link a user clicks, unless you intend to go through every page changing all the links.

 

Yea i dont want this to happen. I dont want the users to see .php in the url.

[GingerRobot]

Yea i dont want this to happen. I dont want the users to see .php in the url.

 

Why?

[d.shankar]

Thats my requirement 

[GingerRobot]

That's not really an explanation. One last time: why is that your requirement?

[d.shankar]

Just want to hide from hackers who try to exploit the site.

[Wolphie]

Then why even show .xxx at all? Why not just use Clean URLs? That way nobody can see any filetype/extension except for images etc...

[d.shankar]

Sounds interesting ... Where should i start ?

[Wolphie]

This is what I use:

 

RewriteEngine on

RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]

RewriteRule ^([^/\.]+)/?$ /index.php?q=$1 [L]
RewriteRule ^([^/\.]+)/([^/\.]+)/?$ /index.php?view=$1&id=$2 [L]
# RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /index.php?section=$1&subsection=$2&page=$3 [L]

# These rewrite rules can be used over and over for different master pages.
# For example, see below.

# RewriteRule ^([^/\.]+)/?$ /profile.php?user_id=$1 [L]
# RewriteRule ^([^/\.]+)/([^/\.]+)/?$ /profile.php?category=$1&page=$2 [L]
# RewriteRule ^([^/\.]+)/([^/\.]+)/([^/\.]+)/?$ /profile.php?category=$1&subcategory=$2&page=$3 [L]

 

However I doubt that would be sufficient enough for over 200 different filenames. However, it should help you out a bit. Hopefully.

[d.shankar]

I have some hardcoded links in the site.. what to do with that ?

[wildteen88]

Then you'll have to change them manually yourself, mod_rewrite wont change the links in your page for you.

[d.shankar]

Oops then i am half dead  :-X

[nEJC]

Hmmm ... Do you really think this the correct way to go?

I mean, this is security through obscurity - every security hole that is present in your code still exist (and can be exploited).

What you are hiding is only the fact that is written in PHP (and making an URL a bit more beautiful)

 

You should design your application/web page to be secure from the ground up.

Start by reading this tutorial.

 

[d.shankar]

I agree Nejc. I have secured all my code with the latest patches but i still want to make it secure by hiding the .php extension from intruders.

[trq]

Then it sounds like you have alot of work to do.