How can I prevent additional strings from being added after URLs that end with .php?

Our website’s team just discovered that any user can add a slash ‘/’ and then any string after a URL that ends with a .php extension and still access the same original page.

For example:
I can access www.mydomain.com/index.php with:

  • www.mydomain.com/index.php/test
  • www.mydomain.com/index.php/test/123
  • www.mydomain.com/index.php/wqeqwew/2234dwd

(Note: Additional strings after index.php/ are non-existent on the server, they’re just some garbage)

Another problem is that with my dynamic URLs, I can always add a nonexistent php file in between my domain name and the first parameter.

For example:
I can access www.mydomain.com/product/one with:

  • www.mydomain.com/test.php/product/one
  • www.mydomain.com/imnothere.php/product/one

How can I prevent this from happening and how do I deal with it? Is this a serious problem in terms of SEO or security? I want the website to return a 404 error whenever these kinds of URLs are entered or clicked in the browser.

Any help is greatly appreciated. Thanks!

EDIT:

I think I already fixed it. For the first problem, I added AcceptPathInfo Off in my .htaccess. And for the second problem, I just added ^ before my RewriteRule for my dynamic URL, e.g. RewriteRule ^product/(.*)$ so that nobody can add any more extra strings in between the domain name and the first parameter. Thanks for all the help!

Answer

How can I prevent this from happening and how do I deal with it?

This is due to Apache’s AcceptPathInfo directive. You can turn it off – if the server is configured accordingly, you’ll just need a .htaccess file for it.

Is this a serious problem in terms of SEO or security?

I can’t think of a way in which it could be a serious problem. It’s generally enabled by default in most handlers, and is being routinely used as a “poor man’s mod_rewrite” (A way to provide fancy-looking URLs).

User contributions licensed under: CC BY-SA
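
The two behaviours discussed in this thread, as an added example that is not part of the original question or answer: a simplified Python model of how trailing path info and an unanchored rewrite pattern let the extra URLs resolve, and how AcceptPathInfo Off plus the ^ anchor turn them into 404s. The file set, the unanchored form of the rule and the function names are assumptions made for illustration; real Apache request handling has more stages than this model.

```python
import re

# Constructed stand-in for the document root: the only real file on disk.
DOCROOT_FILES = {"index.php"}

# Rewrite patterns as they would appear in .htaccess. The unanchored form is an
# assumption about the asker's original rule; the anchored form is from the EDIT.
UNANCHORED = [r"product/(.*)$"]
ANCHORED = [r"^product/(.*)$"]

def split_path_info(rel_path):
    """Split into (script, path_info); script is None if no prefix is a real file."""
    parts = rel_path.split("/")
    for i in range(1, len(parts) + 1):
        candidate = "/".join(parts[:i])
        if candidate in DOCROOT_FILES:
            rest = parts[i:]
            return candidate, ("/" + "/".join(rest) if rest else "")
    return None, ""

def status(url_path, accept_path_info, rules):
    """Simplified model of the status code Apache would return for url_path."""
    rel = url_path.lstrip("/")  # .htaccess rules see the path without the leading slash
    # RewriteRule patterns are regex searches, so an unanchored one matches anywhere.
    if any(re.search(p, rel) for p in rules):
        return 200  # rewritten to the dynamic handler
    script, path_info = split_path_info(rel)
    if script is None:
        return 404
    if path_info and not accept_path_info:
        return 404  # AcceptPathInfo Off rejects trailing path information
    return 200

if __name__ == "__main__":
    cases = ["/index.php", "/index.php/test/123", "/product/one",
             "/test.php/product/one", "/imnothere.php/product/one"]
    print(f"{'path':32} before  after")
    for path in cases:
        before = status(path, True, UNANCHORED)   # path info accepted, loose rule
        after = status(path, False, ANCHORED)     # AcceptPathInfo Off, anchored rule
        print(f"{path:32} {before}     {after}")
```
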