Preconfigured .htaccess

From Joomla! Documentation

Revision as of 15:45, 13 September 2010 by Dlwilson007 (Talk | contribs)

I'm not well versed in htaccess, but like many people, I have set up my Joomla instance in a directory off the root. And like most people, I have had quite a time trying to modify both my configuration.php as well as the htaccess to make the URL appear to go to the domain root and not show the Joomla folder.

I would like to see an htaccess option that is preconfigured for a sub-directory as well...or at least commented code that allows you to easily switch.

Also, I heard the current htaccess is considered very inefficient, although lacking apache skills I could not tell you why. The current file is copyrighted, so I can't post the contents on forums to get help.

So if the copyright can't be lifted (which would be perfectly acceptable) then the only other recommendation is bringing in other resources to review and improve the file.

Just my two cents.

Dlwilson007 17:55, 13 September 2010 (UTC)

The following edits to the .htaccess file are in order.

1. Correction to syntax.

RewriteRule ^(.*)$ index.php [F,L]

F implies, L; remove L.

RewriteRule (.*) index.php [F]

2. Improvements to efficiency.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

The -f and -d "exists" checks are VERY inefficient, requiring the server to make two physical disk reads for EVERY request made of the server. This massively slows the page serving. For a busy site these checks will force an early server upgrade, as well as rapidly beating the hard drive to death. The -f and -d checks should be the LAST ones. The Rewrite also needs an [L] flag added.

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html?|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php [L] and others, refer.

(G1smd 19:34, 13 September 2010 (UTC))

Please open a tracker item and include a patch so that the Bug Squad can test. Thanks. Chris Davenport 19:53, 13 September 2010 (UTC)

Tracker item added.

(G1smd 20:37, 13 September 2010 (UTC))

Additional ideas to include

Adding this as a comment since my apache skills are limited. I found a couple of security features that could be added to the Joomla htaccess file, but I tried them and they failed. So I will provide the code, and maybe someone with skills could analyze and maybe incorporate changes to include the code. It's a nice to have. It would also help to have instructions as to what needs to be in place on the server for these to work, such as the .htpasswd file.

Here is the code:

## Deny access to files with specified extensions
<FilesMatch "^(exe||tif|ai|html)\.*$">
Order deny,allow
Deny from all
Satisfy all
## End of deny access to files with specified extensions
## Restrict access to administrator page
<Files administrator>
Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/restrictions/.htpasswd
Require valid-user
## End of restrict access to administrator page