Reputation: 2087
I activated SEO-friendly URLs. Basically, URLs in my app look like the following: http://x.com/en or http://x.com/en/gallery.
From my app there is no link to, let's say, com_users. But the user can still open it with one of the following URLs: http://x.com/component/users or http://x.com/?option=com_banners.
I blocked the first one with this:
RewriteCond %{REQUEST_URI} /component/ [NC]
RewriteRule ^.*$ - [F,L]
How can I block the second (?option=com_users)?
I understand that this behavior could be default and expected for Joomla, but I just want to give you one example.
When I allowed access to all my pages for registered users only, they are still able to access components. At the same time, in Joomla administration there is no permission for read. Finally, users are getting a template page or some data if it is public, e.g. articles from com_content. And the question: how to raise a 403 in this case or, at least, redirect to /?
Update: I need to block /users?view=registration, reset, remind and profile. And I need to redirect any error to the login page. It doesn't matter whether it is a whole Joomla component or a view, task, etc.
Upvotes: 1
Views: 3205
Reputation: 2087
I wrote my own plugin to handle all cases and redirect to the login page (/login) in case of any inconvenience. By inconvenience I mean any direct access to any component in Joomla, or a 403, or a 404, but not a 500. For now, my application works very well, accepting only the following URLs: /login, /home, /gallery, /gallery/album/any, and a few others. Direct access is totally forbidden: the user cannot use URL params (like ?option=com_users) or the /component/ path.
This approach wouldn't work with SEO URLs turned off.
<?php
// no direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
jimport( 'joomla.event.plugin' );

class plgSystemComcontrol extends JPlugin {
    function __construct(& $subject, $config) {
        parent::__construct($subject, $config);
    }

    function onAfterRoute() {
        // get plugin parameters
        $com_redirect_url = $this->params->def('com_redirect_url', 'index.php?option=com_user&view=login');
        $com_debug = $this->params->def('com_debug', '0');
        $com_message = $this->params->def('com_message', '');

        // get option, view, task ..
        $mainframe = JFactory::getApplication();
        $option = JRequest::getCmd('option');
        $view = JRequest::getCmd('view');
        $task = JRequest::getCmd('task');

        // get current URL; $path is the URL relative to the site root, query string included
        $uri = JFactory::getURI();
        $url = $uri->toString();
        $u_host = $uri->getHost();
        $u_path = $uri->getPath();
        $path = substr($url, strlen(JURI::root()));

        // get user groups; a sum greater than 1 is treated as "logged in"
        $groupsUserIsIn = JAccess::getGroupsByUser(JFactory::getUser()->id);
        $user_type = implode(" ", $groupsUserIsIn);
        $group_sum = array_sum($groupsUserIsIn);

        if ($com_debug == '1') {
            $mainframe->enqueueMessage('--------------------------------');
            $mainframe->enqueueMessage('$option = '.$option);
            $mainframe->enqueueMessage('$view = '.$view);
            $mainframe->enqueueMessage('$task = '.$task);
            $mainframe->enqueueMessage('$url = '.$url);
            $mainframe->enqueueMessage('$path = '.$path);
        }

        // never interfere with the back end
        if (strpos($path, 'administrator') === 0) {
            return;
        }

        // set default redirect page
        $redirectPage = ($group_sum > 1) ? 'index.php' : 'index.php/login';
        // direct access = "component" or "option" appears anywhere in the requested URL
        $directAccess = strpos($path, 'component') !== false || strpos($path, 'option') !== false;

        // allow login page only
        if ($option == 'com_users') {
            if (($view == 'login' || empty($view) || $task == 'user.login' || $task == 'user.logout') && !$directAccess) { // $view == 'default'
                return;
            } else {
                $mainframe->redirect($redirectPage, $directAccess ? 'Direct access to components forbidden' : 'Login/logout is enabled only');
                //JError::raiseError(403, JText::_('Forbidden'));
                //return;
            }
        }

        // deny direct access to components
        if ($directAccess) {
            $mainframe->redirect($redirectPage, 'Direct access to components forbidden');
            //JError::raiseError(401, JText::_('/component/'));
        }

        // if user logged-in, then return from function
        if ($group_sum > 1) {
            return;
        }

        // nothing was routed, nothing to protect
        if (empty($option)) {
            return;
        }

        // guest requesting a component: send to the configured page
        $mainframe->redirect( $com_redirect_url, $com_message );
        return;
    }
}
?>
I hope this will help to understand how to do some custom redirects and disable direct access to the components.
Upvotes: 1
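The direct-access test from the plugin above, done on the parsed request instead of on substrings of the URL, as an added example that is not part of the original answer. The function name and the sample URLs are constructed for illustration.

```php
<?php
// Added example, not part of the original plugin.
// isDirectComponentAccess() is a hypothetical helper; sample URLs are constructed.

/**
 * Return true when the request reaches a component directly, either through
 * a "component" path segment or an "option" query parameter.
 */
function isDirectComponentAccess(string $requestUri): bool
{
    $parts = parse_url($requestUri);
    if ($parts === false) {
        return true; // unparseable request: fail closed
    }

    // Compare whole, decoded path segments (case-insensitive, like the [NC]
    // flag in the question's rule) instead of searching the raw string.
    $path = strtolower(rawurldecode($parts['path'] ?? '/'));
    $segments = array_values(array_filter(explode('/', $path), 'strlen'));

    // The back end uses ?option= legitimately; the original plugin skips it too.
    if (($segments[0] ?? '') === 'administrator') {
        return false;
    }
    if (in_array('component', $segments, true)) {
        return true;
    }

    // parse_str() decodes parameter names, so percent-encoded spellings of
    // "option" are treated the same as the plain one.
    parse_str($parts['query'] ?? '', $query);
    return array_key_exists('option', array_change_key_case($query, CASE_LOWER));
}

// Constructed sample requests; the last one is an ordinary page whose name
// merely contains "option", which the substring test would also block.
$samples = ['/en/gallery', '/component/users', '/en/component/users',
            '/?option=com_banners', '/administrator/index.php?option=com_users',
            '/en/options-and-pricing'];
foreach ($samples as $uri) {
    $substring = strpos($uri, 'component') !== false || strpos($uri, 'option') !== false;
    printf("%-44s parsed=%-5s substring=%s\n", $uri,
        var_export(isDirectComponentAccess($uri), true), var_export($substring, true));
}
```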
Reputation: 1146
I would go another way, and use rel=canonical for this.
This is a much easier/better way of doing things, as the tag will appear on all "Page Versions" and you don't need to set many case-specific rules or carry around a heavy redirect file...
This is just one plugin that will help your canonicalization.
Upvotes: 1