On some sites it may be a problem to use PHP to render system errors such as the not found error (404). This is because PHP is used to render these error pages, which means PHP + database usage on a simple page load.
Now, as you may know, there is a way to use an image replacement (since Chevereto 2.3) to handle this:
Code:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/system/img/404.gif [NC,L]
This is a cool way to show a "Not found" replacement image and also promote your site. The problem comes when people use this PHP error handling to do a Layer 7 DDoS attack on your server, so imagine that they embed js, css, or any file... The system will collapse because PHP will be serving that request instead of the server default error page.
To prevent this, you can do the following... Open the root .htaccess file and above this:
Code:
RewriteRule . index.php [L]
Add this:
Code:
RewriteCond %{REQUEST_URI} !\.([a-z]{1,4})$ [NC]
The whole rule will read: for anything that is not a file, is not a directory, and whose request URL doesn't end in .ext (like txt, js, asdf), Chevereto will send the request to the bootstrap (index.php); otherwise the system will issue the default error page. Cool, isn't it?
I will issue this improvement with 2.5 and you should apply it now. I've already applied it on the demo if you want to test: http://demo.chevereto.com/images/2012/11/04/MdsaDiIL.js http://demo.chevereto.com/images/2012/11/04/MdsaDiIL.png
The complete .htaccess looks like this:
Code:
# Disable server signature
ServerSignature Off
# Disable directory listing (-indexes), Multiviews (-MultiViews) and enable Follow system links (+FollowSymLinks)
Options -Indexes
Options -MultiViews
Options +FollowSymLinks
# Turn on mod_rewrite
RewriteEngine On
# If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
# You will also have to change the path to reflect the path to your Chevereto installation
#RewriteBase /chevereto
# The /api rewrite
RewriteRule ^api$ api.php [L]
# If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines
# Make sure to apply the correct paths to reflect your current installation
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/system/img/404.gif [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.([a-z]{1,4})$ [NC]
RewriteRule . index.php [L]
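To check which requests still reach PHP under the rules above, the following added example (not part of Chevereto or the original post) simulates one pass of the three rewrite rules in Python. The sets of existing files and directories are constructed for the demo, and `route` is a hypothetical helper name. It also shows that a missing file whose extension contains a digit or has more than four letters still falls through to index.php, because `[a-z]{1,4}` does not match it.

```python
import re

# Constructed sample of what exists on disk (assumption for this demo).
EXISTING_FILES = {"index.php", "api.php", "content/system/img/404.gif",
                  "images/2012/11/04/real.png"}
EXISTING_DIRS = {"", "images", "images/2012", "content"}

# Patterns copied from the .htaccess above; [NC] becomes re.I.
IMAGE_404 = re.compile(r"images/.+\.(gif|jpe?g|png|bmp)", re.I)
HAS_EXT = re.compile(r"\.([a-z]{1,4})$", re.I)


def route(uri):
    """Return where one pass of the rules sends a request URI (no query string)."""
    path = uri.lstrip("/")  # per-directory rules match without the leading slash
    if path == "api":
        return "api.php"
    is_file = path in EXISTING_FILES
    is_dir = path.rstrip("/") in EXISTING_DIRS
    # Rule 2: missing image under images/ gets the replacement picture.
    if not is_file and IMAGE_404.search(path):
        return "content/system/img/404.gif"
    # Rule 3: only extension-less, non-existing paths are handed to PHP.
    if path and not is_file and not is_dir and not HAS_EXT.search(uri):
        return "index.php"
    if is_file or is_dir:
        return "served as-is"
    return "server default 404"


if __name__ == "__main__":
    samples = [
        "/images/2012/11/04/MdsaDiIL.js",   # demo URL from the post
        "/images/2012/11/04/MdsaDiIL.png",  # demo URL from the post
        "/images/2012/11/04/real.png",      # constructed: existing file
        "/some-page",                       # constructed: application route
        "/missing.css",                     # constructed
        "/missing.mp4",                     # constructed: digit in extension
        "/missing.woff2",                   # constructed: 5 chars with digit
    ]
    for uri in samples:
        print(f"{uri:40} -> {route(uri)}")
```

Any row that prints `index.php` for a path that is not a real application route is a request PHP still handles.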