
How can I prevent additional strings from being added after URLs that end with .php?

Tags:

url

php

Our website's team just discovered that any user can add a slash '/' then any string after a URL that ends with a .php extension and still access the same original page.

For example: I can access www.mydomain.com/index.php with:

  • www.mydomain.com/index.php/test
  • www.mydomain.com/index.php/test/123
  • www.mydomain.com/index.php/wqeqwew/2234dwd

(Note: Additional strings after index.php/ are non-existent in the server, they're just some garbage)

Another problem is that with my dynamic URLs, I can always add a nonexistent php file in between my domain name and the first parameter.

For example: I can access www.mydomain.com/product/one with:

  • www.mydomain.com/test.php/product/one
  • www.mydomain.com/imnothere.php/product/one

How can I prevent this from happening and how do I deal with it? Is this a serious problem in terms of SEO or security? I want the website to return a 404 error whenever these kinds of URLs are entered or clicked in the browser.

Any help is greatly appreciated. Thanks!

EDIT:

I think I already fixed it. For the first problem, I added AcceptPathInfo Off in my .htaccess. And for the second problem, I just added ^ before my RewriteRule for my dynamic URL, e.g. RewriteRule ^product/(.*)$ so that nobody can add any more extra strings in between the domain name and the first parameter. Thanks for all the help!

jcap asked Nov 13 '22 17:11


1 Answer

> How can I prevent this from happening and how do I deal with it?

This is due to Apache's AcceptPathInfo directive. You can turn it off - if the server is configured accordingly, you'll just need a .htaccess file for it.

> Is this a serious problem in terms of SEO or security?

I can't think of a way in which it could be a serious problem. It's generally enabled by default in most handlers, and is being routinely used as a "poor man's mod_rewrite" (a way to provide fancy-looking URLs).

Pekka answered Nov 15 '22 07:11
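A simplified model of the two behaviours discussed on this page, added here as an example (it is not code from the question, the answer, or Apache): trailing path info after a real .php file under AcceptPathInfo On versus Off, and an unanchored versus ^-anchored RewriteRule pattern tested against the URLs from the question. The file set, the function names, the unanchored form `product/(.*)$` of the asker's original rule, and the use of Python's `re` in place of mod_rewrite's regex engine are assumptions.

```python
import re

# Constructed document root: index.php is the only real script, as in the question.
EXISTING_FILES = {"index.php"}

def split_path_info(path, existing=EXISTING_FILES):
    """Split a request path into (script, path_info); None if no real file is a prefix."""
    parts = path.strip("/").split("/")
    for i in range(len(parts), 0, -1):
        script = "/".join(parts[:i])
        if script in existing:
            trailing = "/".join(parts[i:])
            return script, ("/" + trailing if trailing else "")
    return None

def status(path, accept_path_info):
    """Status for a plain file lookup under AcceptPathInfo On (True) or Off (False)."""
    hit = split_path_info(path)
    if hit is None:
        return 404
    if hit[1] and not accept_path_info:
        return 404  # Off: trailing path info after a real file is rejected
    return 200

def rule_matches(pattern, path):
    """RewriteRule patterns are unanchored regexes; .htaccess sees no leading slash."""
    return re.search(pattern, path.lstrip("/")) is not None

if __name__ == "__main__":
    for url in ("/index.php", "/index.php/test", "/index.php/test/123"):
        print(url, "On:", status(url, True), "Off:", status(url, False))
    for url in ("/product/one", "/test.php/product/one", "/imnothere.php/product/one"):
        print(url, "unanchored:", rule_matches(r"product/(.*)$", url),
              "anchored:", rule_matches(r"^product/(.*)$", url))
```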