Printable Version of Topic
Click here to view this topic in its original format
HTMLHelp Forums _ Web Server Configuration _ Web host uses URL rewriting by default
Posted by: Christian J Nov 4 2015, 07:05 PM
A web host's Apache server uses some kind of URL rewriting, so that you can access a file like
CODE
foo.html
with just the URL
CODE
/foo
Is this a good idea? Can or should I try to remove it? It's not done in any .htaccess file that I can see, so I guess it's in some Apache .conf file. A quick web search just turns up pages on how to enable this, not how to disable it.
Posted by: pandy Nov 5 2015, 01:46 AM
if it's a good idea for you to have I don't know. i think it's a bad idea for a web host to force anything on all users, more than essential things like file types. couldn't you just ask them to exclude you if you want to get rid of it?
Posted by: Christian J Nov 5 2015, 08:58 AM
QUOTE(pandy @ Nov 5 2015, 07:46 AM) 
if it's a good idea for you to have I don't know.
Me neither. I wouldn't link to such URLs on purpose. Could there be any potential security implications, like XSS vulnerabilities?
QUOTE
i think it's a bad idea for a web host to force anything on all users
Actually I had no idea they were doing it, until I found out by mistake.
QUOTE
couldn't you just ask them to exclude you if you want to get rid of it?
Yes but first I must decide what I want.
Posted by: Darin McGrew Nov 5 2015, 12:38 PM
Well, TBL advocates for leaving off the filename extension (as well as other things): http://www.w3.org/Provider/Style/URI
Posted by: Christian J Nov 5 2015, 01:25 PM
QUOTE(Darin McGrew @ Nov 5 2015, 06:38 PM)
Well, TBL advocates for leaving off the filename extension (as well as other things): http://www.w3.org/Provider/Style/URI
Some good points about future-proofing. However, I still use .html extensions even when pages are generated by server-side scripts. I guess I could still use those .html extensions even if I stopped using HTML in the distant future.
Also this part sounds dangerous:
QUOTE
You keep the file extension (such as .png) on the file (e.g. mydog.png), but refer to the web resource without it. Apache then checks the directory for all files with that name and any extension, and it can also pick the best one out of a set (e.g. GIF and PNG).
According to my quick test, my Apache server picked a directory (redirecting "foo" to "foo/"). If that directory did not exist, an HTML file was picked.
When I deleted the directory "foo/", Apache still redirected the URL "foo" to "foo/", where it displayed the HTML file as if it was the directory index file. But if I create a new HTML file "bar.html", the URL "bar" does not redirect to "bar/". Maybe some kind of URL caching is going on there?
Posted by: pandy Jan 8 2016, 04:13 AM
QUOTE(Christian J @ Nov 5 2015, 07:25 PM)
Also this part sounds dangerous:
QUOTE
You keep the file extension (such as .png) on the file (e.g. mydog.png), but refer to the web resource without it. Apache then checks the directory for all files with that name and any extension, and it can also pick the best one out of a set (e.g. GIF and PNG).
According to my quick test, my Apache server picked a directory (redirecting "foo" to "foo/"). If that directory did not exist, an HTML file was picked.
When I deleted the directory "foo/", Apache still redirected the URL "foo" to "foo/", where it displayed the HTML file as if it was the directory index file. But if I create a new HTML file "bar.html", the URL "bar" does not redirect to "bar/". Maybe some kind of URL caching is going on there?
Don't know. This is one of the reasons I don't use this. Too many things too keep track of. I suspect I would also need to abandon the way I rename backup files. I sometimes just change the case. Like index.HTML for the first backup and INDEX.HTML for the next if I want to keep two. They sort right with FTP and it makes them stand out, but I don't know if it would be safe.
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)