This new post from the Mind Tree blog (at hurricanesoftware.com) asks the question "why do you care about friendly URLs in PHP applications?"

Nice URLs, readable URLs, search-engine-friendly URLs. Different names same deal. [...] Turns out this isn't all that hard with PHP - in fact it can turn into something that's very useful from more than just a readability viewpoint.

He shows how to use mod_rewrite and an .htaccess file to automatically grab the request and map it to the right place. Then, the PHP script looks at the incoming data and pushes the correct page back out to the browser. He's also included some modifications to the original idea that allow for numeric grouping and named groups for rewriting content.

Jonathan Snook has posted a helpful trick for CakePHP users out there looking to secure sections of their site away from "normal users" and keep it only in the hands of the admins.

I just wanted to document this for easy future reference but if you don't want to hook up a complex user adminstration with authorization components, you can simply specify that the admin path be password protected in either your .htaccess file or in your httpd.conf.

This method is actually one of the built-in methods Apache has for restricting access (http authentication) that he's placed on his "/admin" directory. Call htpasswd to create the password file and you're all set to go.

Nessa has posted another new tutorial based around her experiences with suPHP. This time it deals with using an .htaccess file for changing the settings of the PHP installation.

First of all, if you'd rather use the .htaccess than the php.ini capabilities of a phpsuexec environment, then shame on you. But, we have some customers who are terrified of php.ini and would rather use the .htaccess. So what? Ok, well there is a workaround.

The connecting piece is the htscanner extension - she includes installation instructions and how to include it into your PHP installation (as well as how to set the PHP values in the .htaccess).

From the Ask Apache blog, there's a quick tip that makes it simple to give your site's visitors the option to either download or view a PDF file no matter what their browser default is.

One of the most annoying things on the Internet for me is when I click on a link to an Adobe PDF file. For me this is annoying to the extreme because the PDF file is openened directly in your browser because of the Adobe PDF Plugin that almost all browsers have installed. [...] For me an ideal solution would be to offer me choices.

His solution uses mod_rewrite in an .htaccess file to push the visitor to a PHP file. This file grabs the filename they want and pulls in the content, pushing it back out the other side with the "attachment" header that forces a request box on the browser.

Dave Dash has another performance tip for Symfony users involving a simple change involving your .htaccess file.

One performance boost that can be garnered from a symfony app (or any app for that matter) is disabling .htaccess. .htaccess does not need to be parsed on each visit to your app. Disabling .htaccess is trivial in your VirtualHost or another relevant part of your apache configuration place.

The information (like routing rules) that was inside of the .htaccess is then moved back into the VirtualHost inside the Apache configuration to make for less files the Apache instance needs to open to get its job done.

Brian Nelson submitted a link to a new class he's developed to fill a hole he hand and didn't see anything that would easily fill it - having a reverse proxy in PHP5.

So I have been working on a little class to run a reverse proxy from PHP using cURL. I have extended this class for my own purposes (single-sign-on) to handle some special request parameters, but here it is. It has some warts, but it's a good starting point. I would appreciate any pointers anyone has to offer.

His code uses the cURL functionality to set up a handler to push the requests through. Also included are an htaccess file and a two-line PHP example of how to use it to request a public site.

In a quick new post from Brent Meshier today, he shows us how, with the help of a database CVS file, to block visitors to your site from certain locales.

A client asked me last night if it was possible to block certain countries from accessing his website. He's concerned about the "axis of evil" and their comrades downloading his software. The task is easily accomplished, although it's like using a sledge hammer to tap in a finishing nail. He didn't seem too concerned that we could accidentally block Uzbekistan in the process. Unfortunately his entire site uses plain .html files, no dynamic scripting. This led me to using a slightly creative solution with .htaccess.

Broken up into five simple steps, he makes a light function to drop into an output buffering function to tell it to either show the normal content or return a 401 Unauthorized header to the visitor.

On ibzi's blog today, there's a quick guide to introducing caching to your PHP application via a simple PHP file to create the cached pages.

Caching your pages can be pretty useful, especially if you have PHP-generated pages that uses a lot of MySQL queries. Once your pages are cached, your server won't waste speed and RAM on regenerating the pages, it will just load it from the cache. I'm going to show you how to get PHP to cache your pages, and you can probably do this within 5 minutes.

You'll need to be able to add (and use) an .htaccess file for Apache to use this method, but once it's set up, the simple script works like a charm. It prepends the caching functionality to each page and checks to see if a copy already exists. If it does, it displays it and if not, it will display it and create the cached file.

Pierre-Alain Joye has posted several new updates concerning the packages he works on - Zip and a new offering, htscanner.

The first two concern the htscanner package - first, the initial release of the extension that works to emulate htaccess support for non-Apache web servers (like FastCGI or lighttpd). The second related post notes that that Windows binaries for the functionality are also posted on the pecl4win website.

Next on his list were some update to the Zip PECL package, a fix to correct issues found when using PHP versions 5.1.0, 5.1.1, and 5.1.2 (due to an internal function name issue).

Greg Beaver has posted some tips he has (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilema was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a Wordpress file. Greg suggested two methods, one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure mthod - using an .htaccess that only the user can work with (and can change at any time) containing and setting Apache environment variables the script could then pull.