Understand and Enable Search Engine Friendly (SEF) in Joomla

Search Engine Friendly(SEF) also known as human readable URL. With the most famous Web Service like Nginx, Apache and IIS7, they do support URL rewrite or mod_rewrite to rewrite the human readable URL such as www.domain.com/about instead of www.domain.com/about.html.

With Joomla 1.5 and above, Joomla come with 3 option from your Global Configuration.
–  Search Engine Friendly URLs – With this option enabled, SEF will enable and your URL will look like, http://www.example.com/index.php/the-­news/1-­latest­-news/1­-welcome­-to­-joomla.
– Use Apache mod_rewrite/URL rewriting – With this option enabled, mod_rewrite will eliminate inde.php and your URL will look like, http://www.example.com/the-­news/1­-latest-­news/1-­welcome-­to­-joomla
– Add suffix to URLs – With this option enabled, your URL will added .html at the end of the URL and it will look like http://www.example.com/the-­news/1­-latest-­news/1-­welcome-­to­-joomla.html

Nginx
To enable SEF with Nginx, add the following line to your (vhost)nginx.conf file.

# Support Clean (aka Search Engine Friendly) URLs</tt>
        location / {
                try_files $uri $uri/ /index.php?q=$request_uri;
        }

Apache
To enable SEF with Apache server, you may easily rename the htaccess.txt to .htaccess file. This step is not necessary as you may get your .htaccess file generated if it is install in  own folder.

IIS 7
With IIS 7, you may choose to use GUI or directly add it from web.config file.

With GUI interface, you may add the following option from the URL rewrite option.

Pattern field: ^([^/]+)/?$
Ignore case ON
Action type: Rewrite
Rewrite URL: index.php/

 Otherwise, you may add the following line to your web.config file.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
                <rule name="Common Exploit Blocking" stopProcessing="true">
                    <match url="^(.*)$" />
                    <conditions logicalGrouping="MatchAny">
                        <add input="{QUERY_STRING}" pattern="mosConfig_[a-zA-Z_]{1,21}(=|\%3D)" />
                        <add input="{QUERY_STRING}" pattern="base64_encode.*\(.*\)" />
                        <add input="{QUERY_STRING}" pattern="(\&lt;|%3C).*script.*(\>|%3E)" />
                        <add input="{QUERY_STRING}" pattern="GLOBALS(=|\[|\%[0-9A-Z]{0,2})" />
                        <add input="{QUERY_STRING}" pattern="_REQUEST(=|\[|\%[0-9A-Z]{0,2})" />
                    </conditions>
                    <action type="Redirect" url="index.php" appendQueryString="false" redirectType="SeeOther" />
                </rule>
                <rule name="Joomla Search Rule" stopProcessing="true">
                    <match url="(.*)" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{URL}" pattern="^/search.php" ignoreCase="true" />
                    </conditions>
                    <action type="Rewrite" url="/index.php?option=com_content&amp;view=article&amp;id=4" />
                </rule>
                <rule name="Joomla Main Rewrite Rule" stopProcessing="true">
                    <match url="(.*)" ignoreCase="true" />
                    <conditions logicalGrouping="MatchAll">
                        <add input="{URL}" pattern="(/[^.]*|\.(php|html?|feed|pdf|raw))$" />
                        <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
                    </conditions>
                    <action type="Rewrite" url="index.php/" />
                </rule>
            </rules>
        </rewrite>
        <caching>
            <profiles>
                <add extension=".php" policy="DisableCache" kernelCachePolicy="DisableCache" />
            </profiles>
        </caching>
    </system.webServer>
</configuration>

Prevent SQL injection by using IIS URL Rewrite

Nowadays, a bad or unoptimizes SQL query could easily compromised or get attacked. However you may try to reduce or prevent (Don’t say avoid, it is not possible, keke) the SQL injection through your expression rules.

If you are using IIS as your web engine, you may use some expression to reduce the SQL injection.

[dD][\%]*[eE][\%]*[cC][\%]*[lL][\%]*[aA][\%]*[rR][\%]*[eE][\s\S]*[@][a-zA-Z0-9_]+[\s\S]*[nN]*[\%]*[vV][\%]*[aA][\%]*[rR][\%]*[cC][\%]*[hH][\%]*[aA][\%]*[rR][\s\S]*[eE][\%]*[xX][\%]*[eE][\%]*[cC][\s\S]*

Continue reading Prevent SQL injection by using IIS URL Rewrite

How to check Joomla version from backend

With this article, Mick Genie will guide you how to search the Joomla version from the back-end scripting.

Refer to the following command to grep the Joomla version.

[email protected] [~]# grep version language/en-GB/en-GB.xml
<?xml version=”1.0″ encoding=”utf-8″?>
<metafile version=”1.5″  client=”site” >
<version>1.5.15</version>