|
|
Created:
13 years, 1 month ago by g1smd Modified:
13 years ago Reviewers:
nikosdion Base URL:
http://joomla-master-htaccess.googlecode.com/svn/trunk/ Visibility:
Public. |
DescriptionBased on the version 2.3 code originally found at: http://snipt.net/nikosdion/the-master-htaccess/ and now listed at: http://code.google.com/p/joomla-master-htaccess/source/browse/trunk/joomla-master-htaccess.txt?spec=svn2&r=2
The original file contains a number of syntax errors, several rules that can never work, and a number of expressions that can be more efficiently coded.
Bugs and enhancements originally discussed at: http://forum.joomla.org/viewtopic.php?f=432&t=549841
Discussion also at: http://snipt.net/nikosdion/the-master-htaccess/
The new 2.4.1 proposed file: http://snipt.net/g1smd/joomla-master-htaccess-file-proposed-v24-2011-03-24/ or at: http://code.google.com/p/joomla-master-htaccess/source/browse/trunk/joomla-master-htaccess.txt?spec=svn4&r=4
The new 2.4.3 proposed file: http://snipt.net/g1smd/joomla-master-htaccess-file-proposed-v24-2011-04-02/ or at: http://code.google.com/p/joomla-master-htaccess/source/browse/trunk/joomla-master-htaccess.txt?spec=svn7&r=7
NOTE: this is not now the latest version of the file.
Continued in: http://codereview.appspot.com/4370051/
Patch Set 1 #
Total comments: 62
Patch Set 2 : 2.4.3 - 3.0.a #
Total comments: 50
MessagesTotal messages: 6
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (left): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:238: RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR] No idea why a combined rule would fail. This is basic RegEx stuff. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:340: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] ([^/]+/)* is "not a slash, one or more times, followed by a slash" the whole repeated zero or more times. This recurses folder levels very quickly. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:340: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] The question mark makes this pattern match both <something>/ and <something>/index.php http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:342: RewriteRule ^(components|modules|plugins|templates)/.+ - [F] The .+ was a left over from earlier experimentation, but made it block anything that was NOT the bare folder ending with just slash. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:346: RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F] Matches configuration.php and configuration.php-dist and php.ini http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:352: RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR] union([^s]*s)+elect[^\(]*\( matches "union" followed by "not 's', zero or more times, followed by 's'", followed by "elect" followed by "not a bracket, zero or more times, followed by a bracket. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:366: ## Note: The final RewriteCond must NOT use the [OR] flag. The note is on the end in case people add more RewriteCond lines. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldco... joomla-master-htaccess.txt:374: # If the requested path and file is not /index.php and the request These notes now appear in the Joomla official file version. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:67: RewriteEngine On I didn't notice that "Options" was already further down the page. I always put it very close to "RewriteEngine" directive. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:99: ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year". http://www.webmasterworld.com/apache/4118917.htm#msg4119380 http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:184: Redirect 301 /mail http://mail.google.com/a/domain.com Don't mix Redirect and RewriteRule in the same site. Directives are processed in "per-module" order. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:196: # RewriteRule ^index\.php$ http%2://www.domain.com/ [R,L] Simpler note: "If the above line throws a 500 error, change [R=301,L] to [R,L]" http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] [R=301,L] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] ^ and $ not required. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L] [R=301,L] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L] ^ and $ not required. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:214: ## file is supposed to be placed in www.domain.com! If the file is placed in www.domain.com then it will never respond to requests for olddomain.com http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:215: ## Note: Replace [L=301,R] with [L,R] if you get error 500. Correction: "Note: Replace [R=301,L] with [R,L] if you get error 500." http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:216: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC] Escape literal periods. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:217: RewriteRule ^index\.php$ http://www.domain.com/ [L=301,R] [L=301,R] should be [R=301,L] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:218: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC] Escape literal periods. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R] [L=301,R] should be [R=301,L] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R] ^ and $ not required. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:229: RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R] [R=301,L] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:230: # Add mode rules below this line mode -> more http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:237: # If the request contains /proc/self/environ (by SigSiu.net) Clarification: If the request _query string_ contains... http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:239: # Legacy configuration variable injection # Block out any script trying to set a mosConfig value through the URL. (words match Joomla production file) http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:241: # Block out any script trying to base64_encode stuff to send via URL stuff to send via URL -> data within the URL http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:243: # Block out any script trying to base64_decode stuff to send via URL stuff to send via URL -> data within the URL http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:251: # Return a 403 Forbidden # Return 403 Forbidden header and show the content of the root homepage (words match Joomla production file) http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:260: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]/{1,2}){1,} [NC] Nice set of extra rules. Unusual use of /{1,2}. I'd use //? I think. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:272: RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php$ - [L] Yes. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:274: RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [L] Yes. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:276: RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L] Yes. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:280: RewriteRule ^kickstart\.php$ - [L] Nice. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:307: ## \., i.e.: www\.example\.com for www.example.com Not clear to read the \. part. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L] $ - yes. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:312: RewriteRule \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [F] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]? http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:319: RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC] Good catch. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR] Nice simplification. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:332: RewriteRule ^administrator/?$ - [L] Nice simplification. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:333: RewriteRule ^administrator/index.html?$ - [L] Escape literal periods. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:334: RewriteRule ^administrator/index2?.php$ - [L] Escape literal periods. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]? http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] mp(e|eg|3|4) simplifies to mp(eg?|3|4) http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] og(g|v) simplifies to og[gv] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] od(t|s|p) simplifies to od[tsp] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:347: RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] Simplifications as above. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L] ([^.]+)/ is "not a period one or more times". No idea why this pattern would be used here. Surely need to recurse directory levels? http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L] With trailing (.*) and no question mark this no longer matches bare folder. What is the (.*) for? http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:349: RewriteRule ^templates/([^.]+)\.php$ $1 [L] $1 should be - here. It is not the [^.] that makes this rule fail. It is the $1. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:358: RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F] Doesn't match configuration.php and php.ini http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:364: RewriteCond %{QUERY_STRING} union([^s]*s)+elect.*[^\(]*\( [NC,OR] The .* is superfluous. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:389: RewriteCond %{REQUEST_URI} !^/index.php Escape literal periods.
Sign in to reply to this message.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:11: ## domain.com and domain\.com should be replaced with your real domain name. example.com and example\.com http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:278: RewriteRule ^administrator/components/com_akeeba/restore\.php$ - [L] Yes. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR] [NC,OR] -> [NC] http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] mp(e|eg|3|4) simplifies to mp(eg?|[34])
Sign in to reply to this message.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:84: ########## Begin - File exection order, by Komra.de Spelling. http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:86: ########## End - File exection order Spelling.
Sign in to reply to this message.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt File joomla-master-htaccess.txt (left): http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:245: RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR] No idea why a combined rule would fail. This is basic RegEx stuff. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:349: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] ([^/]+/)* is "not a slash, one or more times, followed by a slash" the whole repeated zero or more times. This recurses folder levels very quickly. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:349: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] The question mark makes this pattern match both <something>/ and <something>/index.php http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:360: RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F] Matches configuration.php and configuration.php-dist and php.ini http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:366: RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR] union([^s]*s)+elect[^\(]*\( matches "union" followed by "not 's', zero or more times, followed by 's'", followed by "elect" followed by "not a bracket, zero or more times, followed by a bracket. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:380: ## Note: The final RewriteCond must NOT use the [OR] flag. The note is on the end in case people add more RewriteCond lines. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ol... joomla-master-htaccess.txt:392: # If the requested path and file is not /index.php and the request These notes now appear in the Joomla official file version. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:11: ## domain.com and domain\.com should be replaced with your real domain name. example.com and example\.com http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:84: ########## Begin - File exection order, by Komra.de Spelling. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:86: ########## End - File exection order Spelling. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:99: ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year". http://www.webmasterworld.com/apache/4118917.htm#msg4119380 http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:184: Redirect 301 /mail http://mail.google.com/a/domain.com Don't mix Redirect and RewriteRule in the same site. Directives are processed in "per-module" order. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:196: # RewriteRule ^index\.php$ http%2://www.domain.com/ [R,L] Simpler note: "If the above line throws a 500 error, change [R=301,L] to [R,L]" http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] [R=301,L] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] ^ and $ not required. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L] [R=301,L] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L] ^ and $ not required. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:214: ## file is supposed to be placed in www.domain.com! If the file is placed in www.domain.com then it will never respond to requests for olddomain.com http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:215: ## Note: Replace [L=301,R] with [L,R] if you get error 500. Correction: "Note: Replace [R=301,L] with [R,L] if you get error 500." http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:216: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC] Escape literal periods. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:217: RewriteRule ^index\.php$ http://www.domain.com/ [L=301,R] [L=301,R] should be [R=301,L] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:218: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC] Escape literal periods. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R] [L=301,R] should be [R=301,L] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R] ^ and $ not required. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:229: RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R] [R=301,L] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:230: # Add mode rules below this line mode -> more http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:237: # If the request contains /proc/self/environ (by SigSiu.net) Clarification: If the request _query string_ contains... http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:239: # Legacy configuration variable injection # Block out any script trying to set a mosConfig value through the URL. (words match Joomla production file) http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:241: # Block out any script trying to base64_encode stuff to send via URL stuff to send via URL -> data within the URL http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:243: # Block out any script trying to base64_decode stuff to send via URL stuff to send via URL -> data within the URL http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:251: # Return a 403 Forbidden # Return 403 Forbidden header and show the content of the root homepage (words match Joomla production file) http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:260: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]/{1,2}){1,} [NC] Nice set of extra rules. Unusual use of /{1,2}. I'd use //? I think. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:307: ## \., i.e.: www\.example\.com for www.example.com Not clear to read the \. part. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]? http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:312: RewriteRule \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [F] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]? http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR] [NC,OR] -> [NC] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:333: RewriteRule ^administrator/index.html?$ - [L] Escape literal periods. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:334: RewriteRule ^administrator/index2?.php$ - [L] Escape literal periods. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]? http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] mp(e|eg|3|4) simplifies to mp(eg?|[34]) http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] og(g|v) simplifies to og[gv] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] od(t|s|p) simplifies to od[tsp] http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:347: RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L] Simplifications as above. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L] ([^.]+)/ is "not a period one or more times". No idea why this pattern would be used here. Surely need to recurse directory levels? http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L] With trailing (.*) and no question mark this no longer matches bare folder. What is the (.*) for? http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:349: RewriteRule ^templates/([^.]+)\.php$ $1 [L] $1 should be - here. It is not the [^.] that makes this rule fail. It is the $1. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:355: RewriteRule ^[^/]+\.php$ - [F] Match "not a slash, followed by a period" will fail. The "not a slash" part will "consume" the ".php" part. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:358: RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F] Doesn't match configuration.php and php.ini http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:364: RewriteCond %{QUERY_STRING} union([^s]*s)+elect.*[^\(]*\( [NC,OR] The .* is superfluous. http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#ne... joomla-master-htaccess.txt:389: RewriteCond %{REQUEST_URI} !^/index.php Escape literal periods.
Sign in to reply to this message.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L] jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
Sign in to reply to this message.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt File joomla-master-htaccess.txt (right): http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newco... joomla-master-htaccess.txt:355: RewriteRule ^[^/]+\.php$ - [F] Match "not a slash, followed by a period" will fail. The "not a slash" part will "consume" the ".php" part.
Sign in to reply to this message.
|