From 3086bb9a1590210092a9116060a1c5784bc5e558 Mon Sep 17 00:00:00 2001 From: Jason Woofenden Date: Thu, 7 May 2015 22:50:09 -0400 Subject: [PATCH] improve 404 behavior --- .htaccess | 11 ++++------- error_404.html | 16 ++++++++++++++++ error_404.php | 5 +++++ 3 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 error_404.html create mode 100644 error_404.php diff --git a/.htaccess b/.htaccess index af54bb2..3847e70 100644 --- a/.htaccess +++ b/.htaccess @@ -7,9 +7,7 @@ DirectoryIndex disabled AddDefaultCharset UTF-8 AddCharset UTF-8 .css RewriteEngine on -RewriteRule ^[^/.]*$ /wfpl_main.php [L] -# Close loophole in security restriction/exception below -RewriteRule ^.*/.*wfpl_main.php$ /error_404 [L,R] +RewriteRule ^[^/.]*$ /wfpl_main.php [L] ExpiresActive On @@ -23,10 +21,9 @@ SetHandler default-handler Options SymlinksIfOwnerMatch php_flag engine off RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo -# Exception: allow access to wfpl_main.php -# -# this allows access to any files named "wfpl_main.php" anywhere, so there's a -# rewrite rule above to use the top-level one, no matter which was requested. +# code execution exception: allow only /wfpl_main.php +# matches regardless of directory/path, so rewrite php in subdirs +RewriteRule ^.*/.*\.php$ - [L,R=404] php_flag engine on SetHandler application/x-httpd-php diff --git a/error_404.html b/error_404.html new file mode 100644 index 0000000..c5e8269 --- /dev/null +++ b/error_404.html @@ -0,0 +1,16 @@ + + + + ~$title show {~404: File Not Found~}~ + + + +

404: File Not Found

+ +

Oops, we don't have a page at ~path html~

+ +

If you got here by clicking a link on this site, please let us know where we can find that broken link.

+ + + + diff --git a/error_404.php b/error_404.php new file mode 100644 index 0000000..9c9d958 --- /dev/null +++ b/error_404.php @@ -0,0 +1,5 @@ +