Code review - Issue 4290071: Joomla master .htaccess - differences 2.4.1 - 3.0.a / 2.4.3 - 3.0.ahttps://codereview.appspot.com/2011-04-03T12:46:31+00:00rietveld
Message from unknown
2011-03-28T10:26:13+00:00g1smdurn:md5:fcc30aaab750406fa3fbf9f61b01d0eb
Message from g1smd.email@gmail.com
2011-03-28T21:54:47+00:00g1smdurn:md5:fcc84433c1ccf1212e5836c9ed8dc1b5
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (left):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode238
joomla-master-htaccess.txt:238: RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
No idea why a combined rule would fail. This is basic RegEx stuff.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode340
joomla-master-htaccess.txt:340: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]
([^/]+/)* is "not a slash, one or more times, followed by a slash" the whole repeated zero or more times. This recurses folder levels very quickly.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode340
joomla-master-htaccess.txt:340: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]
The question mark makes this pattern match both <something>/ and <something>/index.php
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode342
joomla-master-htaccess.txt:342: RewriteRule ^(components|modules|plugins|templates)/.+ - [F]
The .+ was a left over from earlier experimentation, but made it block anything that was NOT the bare folder ending with just slash.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode346
joomla-master-htaccess.txt:346: RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F]
Matches configuration.php and configuration.php-dist and php.ini
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode352
joomla-master-htaccess.txt:352: RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR]
union([^s]*s)+elect[^\(]*\( matches "union" followed by "not 's', zero or more times, followed by 's'", followed by "elect" followed by "not a bracket, zero or more times, followed by a bracket.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode366
joomla-master-htaccess.txt:366: ## Note: The final RewriteCond must NOT use the [OR] flag.
The note is on the end in case people add more RewriteCond lines.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#oldcode374
joomla-master-htaccess.txt:374: # If the requested path and file is not /index.php and the request
These notes now appear in the Joomla official file version.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode67
joomla-master-htaccess.txt:67: RewriteEngine On
I didn't notice that "Options" was already further down the page. I always put it very close to "RewriteEngine" directive.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode99
joomla-master-htaccess.txt:99: ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year".
http://www.webmasterworld.com/apache/4118917.htm#msg4119380
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode184
joomla-master-htaccess.txt:184: Redirect 301 /mail http://mail.google.com/a/domain.com
Don't mix Redirect and RewriteRule in the same site. Directives are processed in "per-module" order.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode196
joomla-master-htaccess.txt:196: # RewriteRule ^index\.php$ http%2://www.domain.com/ [R,L]
Simpler note: "If the above line throws a 500 error, change [R=301,L] to [R,L]"
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode201
joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
[R=301,L]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode201
joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode207
joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L]
[R=301,L]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode207
joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode214
joomla-master-htaccess.txt:214: ## file is supposed to be placed in www.domain.com!
If the file is placed in www.domain.com then it will never respond to requests for olddomain.com
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode215
joomla-master-htaccess.txt:215: ## Note: Replace [L=301,R] with [L,R] if you get error 500.
Correction: "Note: Replace [R=301,L] with [R,L] if you get error 500."
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode216
joomla-master-htaccess.txt:216: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode217
joomla-master-htaccess.txt:217: RewriteRule ^index\.php$ http://www.domain.com/ [L=301,R]
[L=301,R] should be [R=301,L]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode218
joomla-master-htaccess.txt:218: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode219
joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R]
[L=301,R] should be [R=301,L]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode219
joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode229
joomla-master-htaccess.txt:229: RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R]
[R=301,L]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode230
joomla-master-htaccess.txt:230: # Add mode rules below this line
mode -> more
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode237
joomla-master-htaccess.txt:237: # If the request contains /proc/self/environ (by SigSiu.net)
Clarification: If the request _query string_ contains...
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode239
joomla-master-htaccess.txt:239: # Legacy configuration variable injection
# Block out any script trying to set a mosConfig value through the URL.
(words match Joomla production file)
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode241
joomla-master-htaccess.txt:241: # Block out any script trying to base64_encode stuff to send via URL
stuff to send via URL -> data within the URL
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode243
joomla-master-htaccess.txt:243: # Block out any script trying to base64_decode stuff to send via URL
stuff to send via URL -> data within the URL
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode251
joomla-master-htaccess.txt:251: # Return a 403 Forbidden
# Return 403 Forbidden header and show the content of the root homepage
(words match Joomla production file)
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode260
joomla-master-htaccess.txt:260: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]/{1,2}){1,} [NC]
Nice set of extra rules. Unusual use of /{1,2}. I'd use //? I think.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode272
joomla-master-htaccess.txt:272: RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php$ - [L]
Yes.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode274
joomla-master-htaccess.txt:274: RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [L]
Yes.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode276
joomla-master-htaccess.txt:276: RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L]
Yes.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode280
joomla-master-htaccess.txt:280: RewriteRule ^kickstart\.php$ - [L]
Nice.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode307
joomla-master-htaccess.txt:307: ## \., i.e.: www\.example\.com for www.example.com
Not clear to read the \. part.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode308
joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L]
$ - yes.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode312
joomla-master-htaccess.txt:312: RewriteRule \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode319
joomla-master-htaccess.txt:319: RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC]
Good catch.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode321
joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR]
Nice simplification.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode332
joomla-master-htaccess.txt:332: RewriteRule ^administrator/?$ - [L]
Nice simplification.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode333
joomla-master-htaccess.txt:333: RewriteRule ^administrator/index.html?$ - [L]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode334
joomla-master-htaccess.txt:334: RewriteRule ^administrator/index2?.php$ - [L]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
mp(e|eg|3|4) simplifies to mp(eg?|3|4)
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
og(g|v) simplifies to og[gv]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
od(t|s|p) simplifies to od[tsp]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode347
joomla-master-htaccess.txt:347: RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
Simplifications as above.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode348
joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L]
([^.]+)/ is "not a period one or more times". No idea why this pattern would be used here. Surely need to recurse directory levels?
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode348
joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L]
With trailing (.*) and no question mark this no longer matches bare folder. What is the (.*) for?
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode349
joomla-master-htaccess.txt:349: RewriteRule ^templates/([^.]+)\.php$ $1 [L]
$1 should be - here. It is not the [^.] that makes this rule fail. It is the $1.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode358
joomla-master-htaccess.txt:358: RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F]
Doesn't match configuration.php and php.ini
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode364
joomla-master-htaccess.txt:364: RewriteCond %{QUERY_STRING} union([^s]*s)+elect.*[^\(]*\( [NC,OR]
The .* is superfluous.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode389
joomla-master-htaccess.txt:389: RewriteCond %{REQUEST_URI} !^/index.php
Escape literal periods.
Message from g1smd.email@gmail.com
2011-04-02T00:13:10+00:00g1smdurn:md5:fc478b8c373b931854525f40317b8608
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode11
joomla-master-htaccess.txt:11: ## domain.com and domain\.com should be replaced with your real domain name.
example.com and example\.com
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode278
joomla-master-htaccess.txt:278: RewriteRule ^administrator/components/com_akeeba/restore\.php$ - [L]
Yes.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode321
joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR]
[NC,OR] -> [NC]
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
mp(e|eg|3|4) simplifies to mp(eg?|[34])
Message from unknown
2011-04-03T08:44:23+00:00g1smdurn:md5:a6ddd4ff351503c9f993374213ffae43
Message from g1smd.email@gmail.com
2011-04-03T08:53:23+00:00g1smdurn:md5:d60bc7a5f96fc31e93a9c81bca8538f6
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode84
joomla-master-htaccess.txt:84: ########## Begin - File exection order, by Komra.de
Spelling.
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode86
joomla-master-htaccess.txt:86: ########## End - File exection order
Spelling.
Message from g1smd.email@gmail.com
2011-04-03T10:29:30+00:00g1smdurn:md5:31f1e73eca1bfcdf3b4ba6cdb9590fd4
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (left):
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode245
joomla-master-htaccess.txt:245: RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
No idea why a combined rule would fail. This is basic RegEx stuff.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode349
joomla-master-htaccess.txt:349: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]
([^/]+/)* is "not a slash, one or more times, followed by a slash" the whole repeated zero or more times. This recurses folder levels very quickly.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode349
joomla-master-htaccess.txt:349: RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]
The question mark makes this pattern match both <something>/ and <something>/index.php
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode360
joomla-master-htaccess.txt:360: RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F]
Matches configuration.php and configuration.php-dist and php.ini
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode366
joomla-master-htaccess.txt:366: RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR]
union([^s]*s)+elect[^\(]*\( matches "union" followed by "not 's', zero or more times, followed by 's'", followed by "elect" followed by "not a bracket, zero or more times, followed by a bracket.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode380
joomla-master-htaccess.txt:380: ## Note: The final RewriteCond must NOT use the [OR] flag.
The note is on the end in case people add more RewriteCond lines.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#oldcode392
joomla-master-htaccess.txt:392: # If the requested path and file is not /index.php and the request
These notes now appear in the Joomla official file version.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode11
joomla-master-htaccess.txt:11: ## domain.com and domain\.com should be replaced with your real domain name.
example.com and example\.com
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode84
joomla-master-htaccess.txt:84: ########## Begin - File exection order, by Komra.de
Spelling.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode86
joomla-master-htaccess.txt:86: ########## End - File exection order
Spelling.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode99
joomla-master-htaccess.txt:99: ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year".
http://www.webmasterworld.com/apache/4118917.htm#msg4119380
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode184
joomla-master-htaccess.txt:184: Redirect 301 /mail http://mail.google.com/a/domain.com
Don't mix Redirect and RewriteRule in the same site. Directives are processed in "per-module" order.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode196
joomla-master-htaccess.txt:196: # RewriteRule ^index\.php$ http%2://www.domain.com/ [R,L]
Simpler note: "If the above line throws a 500 error, change [R=301,L] to [R,L]"
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode201
joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
[R=301,L]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode201
joomla-master-htaccess.txt:201: RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode207
joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L]
[R=301,L]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode207
joomla-master-htaccess.txt:207: #RewriteRule ^(.*)$ http://%1/$1 [R,L]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode214
joomla-master-htaccess.txt:214: ## file is supposed to be placed in www.domain.com!
If the file is placed in www.domain.com then it will never respond to requests for olddomain.com
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode215
joomla-master-htaccess.txt:215: ## Note: Replace [L=301,R] with [L,R] if you get error 500.
Correction: "Note: Replace [R=301,L] with [R,L] if you get error 500."
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode216
joomla-master-htaccess.txt:216: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode217
joomla-master-htaccess.txt:217: RewriteRule ^index\.php$ http://www.domain.com/ [L=301,R]
[L=301,R] should be [R=301,L]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode218
joomla-master-htaccess.txt:218: RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode219
joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R]
[L=301,R] should be [R=301,L]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode219
joomla-master-htaccess.txt:219: RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R]
^ and $ not required.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode229
joomla-master-htaccess.txt:229: RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R]
[R=301,L]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode230
joomla-master-htaccess.txt:230: # Add mode rules below this line
mode -> more
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode237
joomla-master-htaccess.txt:237: # If the request contains /proc/self/environ (by SigSiu.net)
Clarification: If the request _query string_ contains...
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode239
joomla-master-htaccess.txt:239: # Legacy configuration variable injection
# Block out any script trying to set a mosConfig value through the URL. (words match Joomla production file)
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode241
joomla-master-htaccess.txt:241: # Block out any script trying to base64_encode stuff to send via URL
stuff to send via URL -> data within the URL
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode243
joomla-master-htaccess.txt:243: # Block out any script trying to base64_decode stuff to send via URL
stuff to send via URL -> data within the URL
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode251
joomla-master-htaccess.txt:251: # Return a 403 Forbidden
# Return 403 Forbidden header and show the content of the root homepage (words match Joomla production file)
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode260
joomla-master-htaccess.txt:260: RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]/{1,2}){1,} [NC]
Nice set of extra rules. Unusual use of /{1,2}. I'd use //? I think.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode307
joomla-master-htaccess.txt:307: ## \., i.e.: www\.example\.com for www.example.com
Not clear to read the \. part.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode308
joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode312
joomla-master-htaccess.txt:312: RewriteRule \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode321
joomla-master-htaccess.txt:321: RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR]
[NC,OR] -> [NC]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode333
joomla-master-htaccess.txt:333: RewriteRule ^administrator/index.html?$ - [L]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode334
joomla-master-htaccess.txt:334: RewriteRule ^administrator/index2?.php$ - [L]
Escape literal periods.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
mp(e|eg|3|4) simplifies to mp(eg?|[34])
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
og(g|v) simplifies to og[gv]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode335
joomla-master-htaccess.txt:335: RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
od(t|s|p) simplifies to od[tsp]
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode347
joomla-master-htaccess.txt:347: RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
Simplifications as above.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode348
joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L]
([^.]+)/ is "not a period one or more times". No idea why this pattern would be used here. Surely need to recurse directory levels?
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode348
joomla-master-htaccess.txt:348: RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L]
With trailing (.*) and no question mark this no longer matches bare folder. What is the (.*) for?
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode349
joomla-master-htaccess.txt:349: RewriteRule ^templates/([^.]+)\.php$ $1 [L]
$1 should be - here. It is not the [^.] that makes this rule fail. It is the $1.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode355
joomla-master-htaccess.txt:355: RewriteRule ^[^/]+\.php$ - [F]
Match "not a slash, followed by a period" will fail. The "not a slash" part will "consume" the ".php" part.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode358
joomla-master-htaccess.txt:358: RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F]
Doesn't match configuration.php and php.ini
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode364
joomla-master-htaccess.txt:364: RewriteCond %{QUERY_STRING} union([^s]*s)+elect.*[^\(]*\( [NC,OR]
The .* is superfluous.
http://codereview.appspot.com/4290071/diff/8001/joomla-master-htaccess.txt#newcode389
joomla-master-htaccess.txt:389: RewriteCond %{REQUEST_URI} !^/index.php
Escape literal periods.
Message from g1smd.email@gmail.com
2011-04-03T10:30:54+00:00g1smdurn:md5:21bbf532124332122837c66d094f8d40
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode308
joomla-master-htaccess.txt:308: RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [L]
jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
Message from g1smd.email@gmail.com
2011-04-03T12:46:31+00:00g1smdurn:md5:f8e9538896acf6a04d7ec986a136d4ed
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt
File joomla-master-htaccess.txt (right):
http://codereview.appspot.com/4290071/diff/1/joomla-master-htaccess.txt#newcode355
joomla-master-htaccess.txt:355: RewriteRule ^[^/]+\.php$ - [F]
Match "not a slash, followed by a period" will fail. The "not a slash" part will "consume" the ".php" part.