NYCPHP Meetup

NYPHP.org

[nycphp-talk] not including '.php' in URI

Douglas Clifton dwclifton at gmail.com
Tue Mar 21 19:02:51 EST 2006 

> ---------- Forwarded message ----------
> From: "inforequest" <1j0lkq002 at sneakemail.com>
> To: talk at lists.nyphp.org
> Date: Tue, 21 Mar 2006 11:11:29 -0800
> Subject: Re: [nycphp-talk] not including '.php' in URI
> Chris Shiflett shiflett-at-php.net |nyphp dev/internal group use| wrote:
>
> >Dan Horning wrote:
> >
> >
> >>it's not a matter of making things faster, b/c it won't, I've
> >>tried, but in actuality you create excessive opportunities for
> >>security breaches, why on earth would you want to make your
> >>life harder.
> >>
> >>
> >
> >Can you substantiate that claim? My web sites don't use file extensions,
> >but I doubt you can convince me that this increases my security risk.
> >
> >I know little to nothing about SEO - my decision is based on my opinion
> >that URLs are basically friendly APIs for the average person. Things
> >like file extensions and underscores don't seem very friendly.
> >
> >Simple is beautiful. :-)
> >
> >Chris
> >
> >
> I appreciate this discussion. It's good stuff. I'd like to see more of it.
>
> There are so many ways to avoid using file extensions... Maybe it's
>
>  www.site.tld/nicename causes Apache to run /nicename/index.php
> or
>  www.site.tld/nicename causes Apache to run /nicename/index.html (which
> is a PHP script, or maybe not)
> or
>  www.site.tld/nicename is merely a referrer reference because PHP.ini
> runs a (PHP script) controller every time
> or
>  www.site.tld/nicename causes Apache to run /nicename (a PHP script with
> no extension)
> or
>  www.ste.tld/nicename causes Apache to run redirect to
> /nicename/controller.php via a rewrite rule
>
> Each has performance issues, security issues, etc. How can one generalize?
>
> Chris chooses to accommodate the user, and handles the security and
> performance issues. Isn't that how we all have to do it? Choose a
> strategy and cover the bases?
>
> -=john andrews

If you are lucky enough to have a dedicated server with
root access and thus have control over the Apache
configuration file, a technique that I use avoids use of
.htaccess files, mod_rewrite, or blanket interpretation of
all files as PHP. Simply create a Directory container for
all the files you want to pass to PHP that will not have an
extension:

<Directory /var/www/sites/mysite.com/docroot/folder>
 <FilesMatch "^(page1|page2|page3)$">
  ForceType application/x-httpd-php
 </FilesMatch>
</Directory>

now:

mysite.com/folder/page1 (and so on)

will all run under PHP. If you want to create an entire
folder full of these, then omit the <FilesMatch> directive,
but be careful about storing non-PHP files in the same
place.

--
Douglas Clifton
dwclifton at gmail.com
http://loadaveragezero.com/
http://loadaveragezero.com/app/s9y/
http://loadaveragezero.com/drx/rss/recent

More information about the talk mailing list