Home/ Questions/Q 9159773
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T13:34:30+00:00

I would like to disable direct access to a Controller/Action in the Yii Framework

  • 0

I would like to disable direct access to a Controller/Action in the Yii Framework, for example login/get, and only be accessible if routed to through CUrlManager.

In my configuration I am routing requests for login to login/get and login/post depending on the HTTP method:

'urlManager' => array(
    'urlFormat' => 'path',
    'showScriptName' => false,
    'caseSensitive' => false,
    'rules' => array(
        // Rewrite GET requests of "login" to "login/get", and POST requests to "login/post".
        array('login/post', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'POST'),
        array('login/get',  'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'GET'),
    ),
),

Is there any configuration setting to disallow requests to login/get and login/post, or would the best way be to route those requests to somewhere such as error/404? For example:

array('error/404',  'pattern' => 'login/(get|post)(/.*)?')
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Well your own solutions works just fine,
    the UrlManager requests rules from top to bottom, so it will try the GET/POST first

    so the full answer would be

    'rules' => array(
    // Rewrite GET requests of "login" to "login/get", and POST requests to "login/post".
    array('login/post', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'POST'),
    array('login/get',  'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'GET'),
    'login/post'=>'error/404',
    'login/get'=>'error/404',
),

    you can probably just use the rule you gave with regex

    array('error/404',  'pattern' => 'login/(get|post)(/.*)?'
    • 0