Umi.CMS build .htaccess



  • Good afternoon. Not strong in the building. .htaccess And so there's a question.

    It has three rules:

    RewriteRule ^(.*)\.xml$ index.php?xmlMode=force&path=$1&%{QUERY_STRING} [L]
    RewriteRule ^\/?(udata|upage|uobject|ufs|usel|ulang|utype|umess|uhttp):?(\/\/)?(.*)$ releaseStreams.php?scheme=$1&path=$3?%{QUERY_STRING} [L]
    RewriteRule ^(.*)\.json$ index.php?jsonMode=force&path=$1&%{QUERY_STRING} [L]
    

    Could these protocols be made available only with certain IPs?

    Trying to bet. RewriteCond %{REMOTE_ADDR} =IPbut the internal requests of the site are not being processed, for example AJAX It doesn't work. Is there any way we can solve this moment?



  • Restriction of access to REST-protocols

    To limit access to REST-protocols udata, upage, uobject, usel and others, it is sufficient to change the config.ini file at the root of the site.

    For example, access without restriction to udata protocol uses a parameter:

     udata.http.allow = "1"
    

    To limit, we need to replace this parameter with uobject.http.permissions = ".

    List of possible options:

    admin - accessible only to website administrators (administrator, user with access to the administration of at least one module). sv is only available to superweisers. auth is available only to authorised users. Similar parameters are used for the remaining protocols. Example from my personal website:

     uobject.http.permissions = "sv"
     udata.http.permissions = "sv"
     upage.http.permissions = "sv"
    

    Restriction of access to xml and json data.

    Unfortunately, there are no parameters in config.ini for this task.

    It was finally decided to intercept the date of the page to the buffer, i.e. before the data was sent to the user.

    For starters, you need to include the tracing of this event in the config.ini file:

    buffer-send-event-enable = "1"
    

    Interruption of events (the event file.php in the folder of classes/modules/content template, or custom_events.php in the modular system file):

     new umiEventListener('systemBufferSend', 'content', 'object_redirect');
    

    Rights to access macrosu (permissions.php or permissions_custom.php):

     $permissions= Array(
      'content' => array('object_redirect')
     );
    

    (class.php or custom.php):

    public function object_redirect(iUmiEventPoint $oEventPoint) {
        if ($oEventPoint->getMode() === "before") {
            $buffer = outputBuffer::current();
            $hierarchy = umiHierarchy::getInstance();
            $path = getServer('REQUEST_URI');
            $permsCol = permissionsCollection::getInstance();
            $isSV = $permsCol->isSv();
            if (strpos($path, '.xml') !== false && !strpos($path, 'sitemap.xml') && !$isSV) {
                $path = str_replace('.xml','',$path);
                $buffer->status('301 Moved Permanently');
                $buffer->redirect($path);
            }
            if (strpos($path, '.json') !== false && !$isSV) {
                $path = str_replace('.json','',$path);
                $buffer->status('301 Moved Permanently');
                $buffer->redirect($path);
            }
        }
        return true;
    }
    

Log in to reply
 


Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2