2

First of all, thanks for RESTLER Framework, it is wonderful!

I've set up Restler API on "http://api.odience.net/" . Restler responds with correct response body but returns a 404 status code if I don't include index.php in the url. I've set up the .htaccess file as said in the examples but I can't figure out why it doesn't reply with the correct status code.

Example:

*- Accessing /sandbox/about/products/en.json (and passing some GET variables + calling the about method of sandbox.php) returns a 404 header even if the body data returned is correct!

*- If we add the "index.php" file to the url, headers are fine!

Try: Access /index.php/sandbox/about/products/en.json (with same GET vars)

Here is my detailed .HTACCESS file for the Restler root directory:

## Can be commented out if causes errors.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
    RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your API Directory (just / for root).
##
RewriteBase /

#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the reg server folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /server/|(/[^.]*|\.(php|html?|json|xml|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule ^.*$ index.php [QSA,L]
#

</IfModule>

To secure Restler framework, the Restler library files are not available to the web and the API_ROOT/index.php file includes them automatically with a "require_once" command.

Please advise how to make this setup work as expected?

  • I'm currently taking a look at it, I could get the above `.htaccess` file work on an api hosted in subdirectory by setting the RewriteBase correctly. Trying to re-create the same issue on my localhost. Issue could be because of `# Return 403 Forbidden header and show the content of the root homepage RewriteRule .* index.php [F]`. Could you try commenting or removing the whole exploit fix rewrites and see if it works? – Arul Kumaran Jan 10 '12 at 16:26
  • @Luracast I've removed the exploit fixes but same issue! Here's my directories structure if it might help: -html --api ---public <== Contains public index.php and subdomain points here. ---lib ----restler <== Contains RESTLER files ---conf – Amir Moradi Jan 11 '12 at 07:02
  • I could not reproduce the issue on my server. Let me know the version of restler, apache, php you are using – Arul Kumaran Jan 29 '12 at 11:28
  • I have the same problem... it doesn't work without typing index.php: http://stackoverflow.com/questions/12323908/restler-allways-returns-not-found#comment16539694_12323908 – danielrvt Sep 07 '12 at 19:59

1 Answers1

0

Change %{REQUEST_FILENAME} in .htaccess file to %{DOCUMENT_ROOT}%{REQUEST_FILENAME} (it worked for me) Below is my .htaccess file content. HTH

RewriteEngine On 
RewriteBase / 
RewriteRule ^$ index.php [QSA,L] 
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f 
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ index.php [L,QSA] 
Ara
  • 409
  • 2
  • 11
  • 24