I would like to disable direct access to a Controller/Action in the Yii Framework, for example login/get, and only be accessible if routed to through CUrlManager.
In my configuration I am routing requests for login to login/get and login/post depending on the HTTP method:
'urlManager' => array(
'urlFormat' => 'path',
'showScriptName' => false,
'caseSensitive' => false,
'rules' => array(
// Rewrite GET requests of "login" to "login/get", and POST requests to "login/post".
array('login/post', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'POST'),
array('login/get', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'GET'),
),
),
Is there any configuration setting to disallow requests to login/get and login/post, or would the best way be to route those requests to somewhere such as error/404? For example:
array('error/404', 'pattern' => 'login/(get|post)(/.*)?')
Well your own solutions works just fine, the UrlManager requests rules from top to bottom, so it will try the GET/POST first
so the full answer would be
'rules' => array(
// Rewrite GET requests of "login" to "login/get", and POST requests to "login/post".
array('login/post', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'POST'),
array('login/get', 'pattern' => 'login', 'caseSensitive' => false, 'verb' => 'GET'),
'login/post'=>'error/404',
'login/get'=>'error/404',
),
you can probably just use the rule you gave with regex
array('error/404', 'pattern' => 'login/(get|post)(/.*)?'