Thread

Hey,

I’m a newbie to CodeIgniter but I’ve been reading the documentation and have a few questions about how routing works, particularly with relation to duplicate content.

1. Is it possible to prevent the default controller from being accessed directly? For instance, if the default controller is welcome, is it possible to keep http://example.com/welcome/index and http://example.com/welcome/some_other_method from being accessible directly like that?

2. On a related note, is it possible to choose a canonical URL for content when using the default method? For example, is it possible to have http://example.com/controller/index redirect to http://example.com/controller

3. If I use rewriting to remove index.php from the URLs, can I safely switch the URI protocol to REQUEST_URI so that people can’t access content using URLs with index.php in them? Will that even work, or does the URI protocol config option only affect generated URLs?

4. How can I deal with the issue of trailing slashes in URLs (eg: http://example.com/controller/method/id versus http://example.com/controller/method/id/)?

5. A slightly unrelated routing question. Is it possible to turn off/override CodeIgniter’s default routing entirely? The URIs I’m envisioning for a project I’m working on don’t really fit with the controller/method/parameters model that CodeIgniter uses, and while I can use custom routing, I would prefer to disable any alternate paths that shouldn’t be used.

Thanks in advance!

Hello,

Here in the documentation query strings are detailed:

http://ellislab.com/codeigniter/user-guide/general/urls.html

and to make a method inaccessible via a url begin the method’s name with an underscore as explained under the controllers section.

Hope this helps.

Here in the documentation query strings are detailed:

http://ellislab.com/codeigniter/user-guide/general/urls.html

Thanks, but like I said, I already read that and I don’t think it answers my questions. Query strings aren’t really relevant to what I asked at all. If I’m missing something, let me know. 😉

and to make a method inaccessible via a url begin the method’s name with an underscore as explained under the controllers section.

Yeah, I already knew that. But that wasn’t what I asked. I asked about limiting the ways in which a method could be accessed, not how to make a method entirely inaccessible.

Perhaps you should provide an example on how you would like your url’s formatted? 😉

And using the underscore method doesn’t make the method complete inaccessible…just makes direct access with routing impossible.

Perhaps you should provide an example on how you would like your url’s formatted? 😉

Sure:
http://example.com/article/1234/
I know how to route the request, my question is how I keep the routes I create as the only way to access the site.

And using the underscore method doesn’t make the method complete inaccessible…just makes direct access with routing impossible.

So you’re saying I could write a route for my application to direct a request to that otherwise inaccessible method?

Try setting the status header with the output class.

$this->output->set_status_header('404');
// Your output code here

If you have your routing setup so that nothing goes through index(), you could use the above method in index(). It *should* have the same effect as a standard 404 Not Found. Not sure if that answers your question. Just thinking off the top of my head.

If that doesn’t work, you could try using .htaccess with the [F] forbidden flag.

Thanks, but I don’t think that really helps. I’m going to have content in the index method. The problem is the routing involved in getting them there.

In the case of #1 (which is I assume what you’re responding to), I want to prevent the methods from being invoked by calling the controller via the URL. So, I want http://example.com to work but http://example.com/welcome to not work (assuming the default controller is welcome).

Sorry to bump this, but I’m still hoping that someone can answer my questions 😊

Nobody can answer even one of the questions? This is quite disappointing :(
I appreciate the people who have tried to help me so far, but I would really like to have some more concrete answers! 😉

Perhaps you should read the HTTP specification being implemented by your

  [ web server + (proxy) + web browser ]

Understand what requests must be received by the web server from the browser for them to work properly together, and that the Apache + CI hacks that hide some of these from the unsuspecting end user are simply illusionary games played to fool them into thinking weknow magic when it’s just slight of hand.

Please don’t design your application around what goes into the address bar.  If anything, go read the latest studies on the significance or insignificance of that thing as a navigation aid to see if it demands such a determined focus.

The bottom line is that if your server needs to serve a specific resource to a specific TCP::HTTP connection, the requesting platform (the browser) must request the exact resource over the wire.  That means the full URI must come from the requester. Hence, you cannot prevent the end user from sending that request - on the browser’s address bar or otherwise.

Sorry for the bad news, but I hope this is at least somewhat helpful.

Randy

Thanks for the reply, Randy.

However, I’m not designing my application around URIs (except in #5, in which case the URLs are VERY relevant: that’s why I asked about fully custom routing). My questions revolve around the issue of duplicate content and canonical URLs, which (at least in my opinion) are important issues. They are not the most important issues, certainly, but they are issues which any new website should be conscious of and issues which are easily dealt with.

I also dispute one point in your post:

“The bottom line is that if your server needs to serve a specific resource to a specific TCP::HTTP connection, the requesting platform (the browser) must request the exact resource over the wire.  That means the full URI must come from the requester. Hence, you cannot prevent the end user from sending that request - on the browser’s address bar or otherwise.”

First of all, isn’t the whole point of CodeIgniter’s custom routing that URIs can be whatever you want? Isn’t the point of CodeIgniter’s default routing that resources can be assigned different names at the whim of the programmer? On a CodeIgniter setup, is /controller/method a real set of folders or is it an artifical construct created by the framework to allow the programmer to control the URIs? 😉

Also, although you seem to deny that it’s possible, I know that I can handle my questions with a combination of PHP and mod_rewrite; my question was whether CodeIgniter had addressed these issues as part of the framework (or if the community had addressed it in some systematic fashion). I could very easily address my first four questions by using the controller constructor to check REQUEST_URI, but I wanted to know if CodeIgniter had some other way of dealing with this issue.

So, now that I’ve said all of that, should I just assume that CodeIgniter does not deal with any of these issues and I need to write the 6 or so lines of code to handle them myself? 😉

OK..Ok…if you want your users to say “abarah cadabarah” and get a volkswagen you can do it…

Q1) 1. Is it possible to prevent the default controller from being accessed directly?

A1: Yes. You’ll prevent your entire site from working..but hey, you never really asked that part.
A2: Yes. Authentication
A3: It depends. Your most previous response indicates you know the answer to this question.

Q2)2. On a related note, is it possible to choose a canonical URL for content when using the default method? For example, is it possible to have http://example.com/controller/index redirect to http://example.com/controller

A: Depends on your server configuration.

3. If I use rewriting to remove index.php from the URLs, can I safely switch the URI protocol to REQUEST_URI so that people can’t access content using URLs with index.php in them? Will that even work, or does the URI protocol config option only affect generated URLs?

A: Depends on your server configuration.

Q4.) How can I deal with the issue of trailing slashes in URLs (eg: http://example.com/controller/method/id versus http://example.com/controller/method/id/)?

A: ltrim($whatever,’/’);  <—this was the tough one

Q5) 5. A slightly unrelated routing question. Is it possible to turn off/override CodeIgniter’s default routing entirely?

A: Yes. Override the Class.

——-
That should make you a little happier.

Randy

Thanks a lot! 😉
Just a couple followup questions:

A1: Yes. You’ll prevent your entire site from working..but hey, you never really asked that part.
A2: Yes. Authentication
A3: It depends. Your most previous response indicates you know the answer to this question.

So should I only pay attention to #3 (which I assume means “go with your REQUEST_URI idea”)? If not, could you elaborate on #1/2? I don’t see how my site would break or how authentication should play a role.

Q2)2. On a related note, is it possible to choose a canonical URL for content when using the default method? For example, is it possible to have http://example.com/controller/index redirect to http://example.com/controller

A: Depends on your server configuration.

In other words, mod_rewrite or PHP?

3. If I use rewriting to remove index.php from the URLs, can I safely switch the URI protocol to REQUEST_URI so that people can’t access content using URLs with index.php in them? Will that even work, or does the URI protocol config option only affect generated URLs?

A: Depends on your server configuration.

No, it depends on CodeIgniter. This is a purely CodeIgniter question. If the answer is that it only affects generated URLs, then the way to deal with it is via mod_rewrite. However, the question itself is about CodeIgniter. So, does CodeIgniter itself allow me to disable access in that way?

A: ltrim($whatever,’/’);  <—this was the tough one

And where exactly should I put that line? My question wasn’t how to remove a trailing slash from a string, my question was how do I make sure that one version redirects to the other.

...can I safely switch the URI protocol to REQUEST_URI so that people can’t access content using URLs with index.php in them? Will that even work, or does the URI protocol config option only affect generated URLs?

No, it depends on CodeIgniter. This is a purely CodeIgniter question. If the answer is that it only affects generated URLs, then the way to deal with it is via mod_rewrite. However, the question itself is about CodeIgniter. So, does CodeIgniter itself allow me to disable access in that way?

While I try to wrap my brain around your other “I’m not designing around the URI scheme” questions, let me work on this one…You are right, I didn’t understand this at first.  I think that is because I’m attempting to see this from the pragmatic view point of the user. 

What do you expect to do if, under the the certain circumstance, the use DOES type in “index.php” on the address bar?  Send a jolt of lightning through the ether and kill them on the spot?  😏

The short answer is it only affects generated URLs.
—-

I’m just having some fun.  I’m looking at the other questions too.

Q2)2. On a related note, is it possible to choose a canonical URL for content when using the default method? For example, is it possible to have http://example.com/controller/index redirect to http://example.com/controller

A: Depends on your server configuration.

In other words, mod_rewrite or PHP?

I’m perplexed by this question because you ask specifically about canonicalization but then follow with two URLs that don’t touch on the www vs. non-www hot button issue.  So I truly don’t understand the question.  The routing class will allow you to do almost anything like this as you’ve already rebuked me about.  So what exactly are you asking?