Change the URL to hide all signes of PHP

[Kairu]

Cant quite explain it in the topic I know.

Alright, what I have so far is an image which is called with a URL "http://www.urlofsite.com/dir/image.jpeg?id=1", where the .jpeg extension is treated as PHP. My question is this: Is it possible to make the URL required to access the image properly, something like "http://www.urlofsite.com/dir/images/1.jpeg" Thus removing any indication that it is not a real .jpeg?

Any help is appreciated. Thanks!

[michaellunsford]

if you're running apache,  you can use .htaccess to "rewrite" the filename to a php file...

the following code will basically rewrite 1.jpeg to index.php?page=1
[code]DirectoryIndex index.php
ReWriteEngine On
RewriteRule ^/?([^/]*)\.jpeg$ ./index.php?page=$1 [L,NS]
[/code]

google search for "htaccess mod rewrite"

[Kairu]

I cant quite figure this out. I went over multiple documents last night on htaccess rewrites, but I cant seem to get it working.

I don't have the htaccess file handy, but from memory it's something like this....

[code]Options +FollowSymlinks
RewriteEngine on
RewriteRule ^images/(.+).jpeg image.jpeg?id=$1 [nc][/code]

Would it make a difference that the htaccess file is in the main directory with the image.jpeg?

[michaellunsford]

I typically put the example I provided above in the same folder as the PHP file. I have never been able to get a single htaccess file to work sitewide.

[Kairu]

I still dont quite get it... and that code isnt working.....

Could someone explain it or show me?

If it means anything, the file is in the main directory, but I want to make it seem like it is in a folder, and I need it to appear as [#].jpeg.

So a rewrite from.... http://url.com/image.jpeg?id=1 ....to.... http://url.com/images/1.jpeg

[michaellunsford]

put the htaccess in your images folder:

[code]ReWriteEngine On
RewriteRule ^/?([^/]*)\.jpeg$ ../image.jpeg?id=$1 [L,NS][/code]

then any "jpeg" called in the images folder, would be passed back to image.jpeg in the parent folder.

[Kairu]

But when I tried that I keep getting 404 errors. I have the image.jpeg in the parent directory, and the .htaccess file in the images directory... Is there something I'm doing wrong?

[Kairu]

Scratch that 404 error.... I turned on "AllowOverride All" for the .htaccess file in httpd.config.txt. But now I am getting a 500 Internal Server Error....

[michaellunsford]

you can replace the [nc] with [R] temporarily to get it to "redirect" so you can see where it's sending you.

[Kairu]

What in the.... It's going to the right place, but when I turn the override on, PHP does not work..... But when it is off, it will not redirect.....

[michaellunsford]

The server is probably confused by the jpeg extension to your PHP file. Since you're "hiding" the actual file it's going to anyway, you might want to just rename it to image.php and make the appropriate adjustment in htaccess.

[Kairu]

That works.... Is there an easy way to prevent it getting confused? I have other files with the jpeg extension.... Or would it be better to place a .htaccess file to rename them?

[michaellunsford]

Apparently using htaccess to rewrite to a jpeg extension bypasses the preference to process a jpeg file as php. So, if you're accessing it directly, great. If you're using mod rewrite to access it, just call it php.

[Kairu]

Thank you! This has been very helpful! One last question though.... Is it possible to deny access to "image.php" while still being able to call it through the .htaccess file? I know nothing of .htaccess.... I guess that will be the next thing I teach myself after php.

[michaellunsford]

Two ideas:

1. You could program your PHP file to deny all requests for anything that doesn't have a referrer -- however not all browsers send a referrer when they request a page. [code=php:0]if(!$_SERVER['HTTP_REFERER']) die();[/code]

2. You could also attempt to rewrite all PHP extension requests to an error page. You might get an internal server error -- but it's worth a try.
[code] RewriteRule ^/?([^/]*)\.php$ ./sorry.html [NC][/code]

[Kairu]

Thank you! I think I'll just put the file deep inside the directories. I doubt it will be too easy to find, and no one will really know what it is fore.....

[Kairu]

Not so amazingly I have another question.... I tried this, and it came up with a server error. Is it because of the first decimal?

[code]Options +FollowSymLinks
DirectoryIndex index.jpeg
RewriteEngine On
RewriteRule ^([^/]*)\.([^/]*)$ /images/image.$2.php?id=$1 [NC][/code]

I want to be able to output into the four main formats, being chosen by the extension placed at the end of the called URL.

[michaellunsford]

I've never been able to make htaccess pull the entire filename called. It always gives me a server error (or something like that). So, I resolve myself to call them separatelyl....

.jpg
.jpeg
.gif
.png ...etc

[Kairu]

I see.... I was thinking of doing that as well.... Thanks! Once again solved for the time being!

[Kairu]

Yes, yet again questions.

Is there any way to have this work?

[code]Options +FollowSymLinks
DirectoryIndex index.jpeg
RewriteEngine On
RewriteRule ^/image/([^/]*)\.([^/]*)$ image2.php?id=$1&ext=$2 [NC][/code]

[Kairu]

Ah! Remove the proceeding slash... This is actually quite an ingenious way to hide the fact that I'm using PHP by the way.

Asa you can see from above, I took a different approach and added a directory before the file. Now I'm going to have to find a way to have it output a plain text 404 error if they try any extensions or id's that do not exist....

Question. Does the running PHP still think the URL being called by the browser is the redirected one, or does it think the url is the one shown in the address bar of the user? I want this error message to be as real as possible.....

[michaellunsford]

as far as I know, PHP has no way of knowing that apache is redirecting. Here's a bit of PHP code that might come in handy, though.

To make sure those headers are right, you might want to "curl -I" a page on your server that doesn't exist. It will give you things like your actual apache and OS versions.

[code=php:0]if(...) {
        header("HTTP/1.1 404 Not Found");
        header("Date: Tue, 20 Dec 2005 04:23:31 GMT");
        header("Server: Apache/2.0.46 (Red Hat)");
        header("Accept-Ranges: bytes");
        header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
        header("Last-Modified: Mon, 28 Mar 2005 16:41:32 GMT");
        header("ETag: \"5c6e5f-3c3-37676700\"");
        header("Content-Length: 959");
        header("Connection: close");
        header("Content-Type: text/html");
        header("X-Pad: avoid browser bug");
        echo "<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at ".$_SERVER['SERVER_NAME'];
echo "
</ADDRESS>
</BODY>
</HTML>

<!--
  - Unfortunately, Microsoft has added a clever new
  - \"feature\" to Internet Explorer. If the text of
  - an error's message is \"too small\", specifically
  - less than 512 bytes, Internet Explorer returns
  - its own error message. You can turn that off,
  - but it's pretty tricky to find switch called
  - \"smart error messages\". That means, of course,
  - that short error messages are censored by default.
  - IIS always returns error messages that are long
  - enough to make Internet Explorer happy. The
  - workaround is pretty simple: pad the error
  - message with a big comment like this to push it
  - over the five hundred and twelve bytes minimum.
  - Of course, that's exactly what you're reading
  - right now.
-->";
}[/code]