0

Remove indx.php from URL; always redirect ??/ from ??/index.php

...including subdirectories, which may have their own .htaccess and index.php.

I'm using Apache with .htaccess.

I have a webapp with index.php in a subdirectory of the domain, say here:

example.tld/somedir/

But, it could be installed to any directory, such as these...

example.tld/anotherdir/
sub.domain.tld/
another.tld/
  • Each has its own index.php and its own .htaccess, for our purposes
  • On example.tld/somedir/: example.tld/, sub.example.tld/, et cetera also have their separate index.php and .htaccess, for their separate purposes
  • I need this to still work if placed in a subdir example.tld/dir/ of a WordPress or October or SuitCRM installation at example.tld/.

Always hide index.php via .htaccess

I want to make sure that:

  1. All above four / (root) addresses link to index.php in whatever same directory.
  2. index.php always redirects to / (root)
  3. Examples
example.tld/anotherdir/index.php   -> example.tld/anotherdir/
sub.domain.tld/index.php           -> sub.domain.tld/
another.tld/index.php              -> another.tld/

I need something like this

RewriteRule ^.*$ /{$PWD}/index.php [L,QSA]

...and any Rewrite statements that must precede it.

These Questions do not provide an answer:

Jesse
  • 750
  • 1
  • 9
  • 25
  • What other directives do you have in your `.htaccess` file? (The solution can depend on your existing directives.) – MrWhite May 16 '22 at 15:22
  • Nothing else. But, I would like something other than a sledgehammer that invalidate all other rules, if you know what I mean. Thanks for asking, I hope I might finally get an answer. – Jesse May 16 '22 at 16:14
  • You should never using `index.php` in your URLs or links. `index.php` is the file provides the content for the directory URL. Make sure that you link like `href=/` instead of `href=/index.php` and `href=/foo/` instead of `href=/foo/index.php`. If you had done this consistently from the beginning, then users and crawlers would never know about the `index.php` files and there would be no need to redirect away from `index.php`. – Stephen Ostermiller May 16 '22 at 18:08
  • Must admit, I was assuming (when I wrote my answer) that all internal links do not actually contain `index.php`. If they do then this must be "fixed" before implementing the solution in my answer. – MrWhite May 16 '22 at 18:14
  • ...Good to know, except that we all really do know about index.php and the script kiddies might try something. – Jesse May 16 '22 at 18:45

1 Answers1

3

To serve index.php from the requested directory you use mod_dir's DirectoryIndex directive (which is probably already set in the server config, although defaults to index.html only) - you do not need mod_rewrite for this. For example:

# Serve "index.php" from the requested directory
DirectoryIndex index.php

This instructs Apache to serve index.php from whatever directory is requested. eg. Request /foo/bar/ then /foo/bar/index.php is served via an internal subrequest (no redirect). If index.php is not present in that directory you'll get a 403 Forbidden response (assuming directory listings - as generated by mod_autoindex - are disabled).

To remove index.php from any URL that is requested directly you can use mod_rewrite. For example:

RewriteEngine On

# Remove "index.php" from any URL and redirect back to the "directory"
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^(.+/)?index\.php(/|$) /$1 [R=301,L]

The above will redirect as follows, preserving the requested protocol and hostname:

  • /index.php to /
  • /foo/index.php to /foo/
  • /foo/bar/index.php to /foo/bar/
  • /fooindex.php - NO REDIRECT (404 expected)
  • /foo/index.php/bar (containing path-info) to /foo/ (path-info removed)
  • /foo/index.phpbar - NO REDIRECT (404 expected)

The (optional) capturing group (.*/)? contains the part of the URL-path before index.php. This is then available in the substitution string using the $1 backreference. In the case when /index.php is requested in the document root, this is empty. When a subdirectory is present then this contains a string of the form subdir/, including the trailing slash.

If you have no other directives in your .htaccess file then you don't strictly need the condition that checks against the REDIRECT_STATUS environment variable. This condition ensures that only direct requests are redirected in the case when you have a front-controller pattern later in the file that might rewrite requests to index.php.

If you do have other directives in the file then the order can be important. This rule that removes index.php via an external redirect must go before any existing rewrites, near the top of the file.

Note that this removes index.php from the URL regardless of whether the requested URL actually maps to a real file or whether the preceding URL-path even exists as a physical directory. So, /<something>/index.php is redirected to /<something>/ regardless of whether /<something>/ is a physical directory or not. This check can be implemented at the cost of an additional filesystem check - but it's probably not required.

NB: Test first with a 302 (temporary) redirect to avoid potential caching issues. Only change to a 301 (permanent) redirect once you have tested that it works as intended.

UPDATE#1:

These Questions do not provide an answer:

Actually, the first question you've linked to does answer your question, with regards to removing index.php from the requested URL. It does address subdirectories and would redirect example.tld/dir/index.php to example.tld/dir/ (not example.tld/ as you've stated).

The part of the question that discusses subdomains is a bit misleading as it doesn't really have anything to do with subdomains specifically.

The solution presented in the linked question basically does the same sort of thing as I've done above, except that it arguably matches too much (and not enough). It would incorrectly/unnecessarily redirect /fooindex.php to /foo (no trailing slash) and would fail to redirect URLs that contained path-info (which could be malicious). eg. /foo/index.php/bar would fail to redirect but still serve the contents of /foo/index.php (unless AcceptPathInfo had been disabled). Although whether these "errors" would actually cause an issue in your case is another matter.

UPDATE#2:

I have the code exactly in the directory for example.tld/dir

The code above assumes the .htaccess file is located in the document root. If the .htaccess file is located in the directory of where the app is installed then you would need to modify the above like so:

# Remove "index.php" from any URL and redirect back to the "directory"
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_URI} ^/(.+/)?index\.php
RewriteRule (^|/)index\.php(/|$) /%1 [R=301,L]

The %1 backreference (as opposed to $1) refers to the captured group in the preceding CondPattern. This naturally includes the full URL-path, so avoids having to hardcode the directory in which the .htaccess file is located.

This applies to the directory that contains the .htaccess file and any subdirectories thereof. Note that, by default, this completely overrides any mod_rewrite directives that might be present in the parent .htaccess file (mod_rewrite directives are not inherited by default).

...including subdirectories, which may have their own .htaccess and index.php.

If additional sub-subdirectories have their own .htaccess file then this may or may not work depending on the directives used in these sub-subdirectory .htaccess files and/or how mod_rewrite inheritance is configured.

mod_rewrite directives do not inherit by default. So, if the .htaccess file in the sub-subdirectory enables the rewrite engine then the above mod_rewrite directives in the parent directory will be completely overridden (they are not even processed).

If, on the other hand, the .htaccess file in the sub-subdirectory uses directives from other modules then this may not be an issue.

MrWhite
  • 43,179
  • 8
  • 60
  • 84
  • I'm sad to report that `example.tld/dir/index.php` redirects to `example.tld`, not `example.tld/dir`. I have the code exactly in the directory for `example.tld/dir`. FYI, the root directory `example.tld/` also has its own .htaccess file. I need your code to take precedent. Should I modify the Question? What do we do? – Jesse May 16 '22 at 18:42
  • @JesseSteele "I have the code exactly in the directory for example.tld/dir" - This code should go in the root directory. (The root directory is always the assumed location for the `.htaccess` file, unless otherwise stated.) I can modify my answer to allow for this, but yes, this does change the question. So, the `.htaccess` file is located in the `/dir` subdirectory and this should also apply to all subdirectories thereof? – MrWhite May 16 '22 at 18:45
  • @JesseSteele Is there only one `index.php` file in whatever subdirectory it might be installed in? And the `.htaccess` file is located in that subdirectory? None in subdirectories thereof? – MrWhite May 16 '22 at 18:47
  • Yes. This .htaccess file should work in whatever directory. `example.tld/dir` or `example.tld/` or `example.tld/dir/diralso/` or `sub.example.tld/`, et cetera. If someone drops this webapp in, say, a subdir of a WordPress site, I want it to still work. I'll modify the Q. – Jesse May 16 '22 at 18:48
  • Only one `index.php`? I suppose there could be others in other sub-sub directories. I just edited to add our discussion in three bullet points just under my redirect goals. But, I suppose, all depending on what else may be in .htaccess at `example.tld/`, another .htaccess at `example.tld/dir/` might not be able to work anyway? I'll accept that, but I'd like to try. – Jesse May 16 '22 at 18:56
  • @JesseSteele I've updated my answer (UPDATE#2) for when the `.htaccess` file is located in a subdirectory (the "root" of the application). – MrWhite May 16 '22 at 20:17
  • 1
    Magical! That did it. The whole thing about "in an app dir, possible subdir of another app"—that was the issue, needing: `RewriteCond %{REQUEST_URI} ^/(.+/)?index\.php` – Jesse May 17 '22 at 08:10