Home arrow Joomla Install arrow Secure your standalone scripts used in a Joomla site

Main Menu

Home
Joomla Install
Administration
Joomla Components
Joomla Modules
Joomla Bots
Joomla SEO
Hacks
Links
Search
Joomla! Home
Joomla! Forums
FAQ's
Sitemap
joomla_commpow_sm.png JoomlaTips.org is not affiliated with or endorsed by the Joomla! Project or Open Source Matters. The Joomla! logo is used under a limited license granted by Open Source Matters the trademark holder in the United States and other countries.
 
Secure your standalone scripts used in a Joomla site PDF Print E-mail
User Rating: / 1
PoorBest 


Joomla has everything you may need. Right? If you take a look to the Joomla Extensions site, you may agree with this. But, as allways, there may be cases, when the above statement is wrong. For specific need he simplest approach may be to use for specific purposes a standalone script. You can solve the problem - apparently - by using Joomla's wrapper feature, and use your scripts as they where part of your Joomla site. Allmost perfect solution you may think... but your scripts are directly accessible by their phisical URL, not only through the Joomla interface. What you can do about?

A lot. And surprisingly easily.

If you Google around, you will find allmost instantly a .htaccess code, wich, for couple of reasons won't work in your Joomla install. But the solution is allmost there, you need only to modify slightly the code you find this way.

The tip below is tried for Joomla 1.0.15, but probably will work withouth a hitch in any version (including Joomla 1.5.* versions). Let’s say:

  • Your website domain is http://www.somedomain.org
  • You have some individual PHP scripts under a folder called /scripts
  • You are using the Joomla wrapper and wrap your PHP scripts nicely through the admin interface and only registered members can access the scripts.
However, if you type http://www.somedomain.org/scripts/myPHPscript.php on the browser, you find out that anyone can execute the script without registering/logging in to your Joomla site!

So the easy solution, is to put a .htaccess file inside your /scripts folder to block direct access to the folder or the scripts. In the same time sure that use as title of your wrapper something different from the real script URL!

Your htaccess file should contain:

RewriteEngine On

# Blocking direct access
RewriteCond %{HTTP_REFERER} !^http://www.somedomain.org/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://somedomain.org/.*$ [NC]
RewriteCond %{REQUEST_URI} scripts [NC]
RewriteRule .* - [F]

This will actually block any access if the URL contains …scripts… This will work, because Joomla’s wrapper doesn’t tell you the directory name, but instead is using the Wrapper title that you specified on the Administration. So as long as you don’t put in the same name as the script folder, this will work.

Instructions:

  1. Replace somedomain.org with your real site’s URL.
  2. Replace scripts with your own folder name
  3. Upload the .htaccess file to your folder that you want to protect
  4. Test that going to the script using Joomla Wrapper’s URL works
  5. Test that typing straight on your browser to the PHP scripts gives you the Forbidden error message
Hope this helps. Thanks for original tip to Michael Aulia !

Add this page to your favorite Social Bookmarking websites
Reddit! Del.icio.us! Mixx! Free and Open Source Software News Google! Live! Facebook! StumbleUpon! Yahoo! Joomla Free PHP
plugin by VivoCiti.com
 
< Prev   Next >
[ Back ]
Quantcast