Forbid access via "/index.php/" in url

Dimec · October 23, 2014, 5:00pm

As you know, after enabling pretty uls and disabling showing script name user can still access controllers via index.php in url:


localhost/index.php/gii

still works, like


localhost/gii

This doubling is not good.

In Yii 1.1.x you could forbid such access by extending “init” function in parent Controller component:


public function init()

{

	if (strpos(Yii::app()->request->requestUri, '/index.php') !== false){

		throw new CHttpException(404);

	}

}

Does Yii2 have more elegant solutions?

CeBe · October 24, 2014, 12:29am

similar thing is possible with yii2. We have no option to avoid that directly. You may also disallow this in your .htaccess file somehow which is maybe a better place for it.

samdark · October 24, 2014, 12:45am

Wouldn’t http://www.yiiframework.com/doc-2.0/yii-web-urlmanager.html#$enableStrictParsing-detail help in this case?

Dimec · October 24, 2014, 5:58am

Yes, i like it too. Let me left .htaccess code here for someone who will look for it:




RewriteEngine on


# if a directory or a file exists, use it directly

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d


# otherwise forward it to index.php

RewriteRule . index.php


# forbid acccess with /index.php/ in url

RewriteCond %{REQUEST_URI} ^/index\.php/

RewriteRule . - [F]