Skip to content
Advertisement

How to stop accessing the user from specific URL scheme

I was working on a Project & I added 404 Page not Found code in htaccess file of it.

This 404 Error Code working fine for all type of urls if someone accidentally type the wrong name of page etc.

But, I try to add the same name of page 2 times in the URL path and it show me something very strange.

Lets suppose i have a website http://example.com

It has a page named dashboard.php, So I first try to access it using http://example.com/dashboard.php. It show me the dashboard.php as normally it should be show me.

Issue:

When I try to access this dashboard.php using http://example.com/dashboard.php/dashboard.php, It show me all the texual content without including css,js,images files.

Screenshots:

http://example.com/dashboard.php

View

http://example.com/dashboard.php/dashboard.php

View

My htaccess code (Working fine):

ErrorDocument 404 http://example.com

Advertisement

Answer

In your error page, use only absolute links (with domain, or from root with / in the beginning), especially for css or images.

Or you can add in the header:

<base href="http://example.com/">

or

<base href="/">

You can stop the user from accessing url like this with htaccess :

AcceptPathInfo Off

https://httpd.apache.org/docs/2.4/en/mod/core.html

User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement