How to hide php in url
There are several ways of doing it. You can use mod-rewrite to rewire foo to foo.php so that requests for /bar gets handled by /bar.php. You can use directories, and default-files, so that you link to the direcory /foo/ which gets handled by /foo/index.php You can set a php-script as the handler for 404-errors, then you just link to nonexistant files, and the handler-file deals with it however it likes. (typically by using some sort of map from url to php-file) You can tell your webserver that all request for a certain webserver, is to be handled by php. The first or second solution is the simplest, but the 2 last ones gives the best flexibility, and variants thereof is what most of the bigger frameworks do. In general, security by obscurity is one of the weakest forms of security. But in some cases, every little bit of extra security is desirable. A few simple techniques can help to hide PHP, possibly slowing down an attacker who is attempting to discover weaknesses in your system. By setting expose_php to Another tactic is to configure web servers such as apache to parse different filetypes through PHP, either with an .htaccess directive, or in the apache configuration file itself. You can then use misleading file extensions: Example #1 Hiding PHP as another language # Make PHP code look like other code types AddType application/x-httpd-php .asp .py .pl Or obscure it completely: Example #2 Using unknown types for PHP extensions # Make PHP code look like unknown types AddType application/x-httpd-php .bop .foo .133t Or hide it as HTML code, which has a slight performance hit because all HTML will be parsed through the PHP engine: Example #3 Using HTML types for PHP extensions # Make all PHP code look like HTML AddType application/x-httpd-php .htm .html For this to work effectively, you must rename your PHP files with the above extensions. While it is a form of security through obscurity, it's a minor preventative measure with few drawbacks. rustamabd at google mail ¶ 15 years ago
anon at example dot com ¶ 8 years ago
Anonymous ¶ 18 years ago
CD001 ¶ 12 years ago
$_GET['query'])) { Pyornide ¶ 13 years ago
mmj ¶ 18 years ago
marpetr at NOSPAM dot gmail dot com ¶ 16 years ago
yasuo_ohgaki at yahoo dot com ¶ 20 years ago
sandaimespaceman at gmail dot com ¶ 13 years ago
Anonymous ¶ 19 years ago
benjamin at sonntag dot fr ¶ 17 years ago
info at frinteractives dot com ¶ 7 years ago
l0rdphi1 at liquefyr dot com ¶ 19 years ago
m1tk4 at hotmail dot com ¶ 20 years ago
php at user dot net ¶ 18 years ago
simon at carbontwelevedesign dot co dot uk ¶ 16 years ago
= explode("/",$_SERVER['REQUEST_URI']);$varone = $permalinks[1]; php at vfmedia dot de ¶ 18 years ago
jtw90210 ¶ 17 years ago
Bryce Nesbitt at Obviously.COM ¶ 19 years ago
Ryan ¶ 10 years ago
omolewastephen at gmail dot com ¶ 4 years ago
sth at panix dot com ¶ 20 years ago
Raz ¶ 14 years ago
How do I hide the PHP extension in a URL?Linked. 127. Remove .php extension with .htaccess.. Change PHP GET url using .htaccess.. -3. how to change url format and HIDE php files in it.. .htaccess Rewrite .php to 'virtual folder'. Extensionless URL trailing slash redirect.. Remove file extensions using .htaccess (Apache2). Can you hide PHP code?It is impossible to totally hide the PHP source code since it is an interpreted language, but there are a few possible alternatives: Use a code obfuscator to make the source code difficult to read. Use a code protector or encoder.
How customize URL in PHP?Another option, if you want to do your URL rewriting entirely PHP, is to set rewrite rules to direct all requests to a single script. One great advantage of this, is you can store your code in an area not accessible to Apache, and only your URL dispatching script need be Apache-accessible.
|