SEF URLs in Joomla

Interactive Online > Blog  > CMS  > Joomla  > SEF URLs in Joomla

SEF URLs in Joomla

sh404SEFsh404SEF creates Joomla SEF URL, and turn them to a more user-friendly format for your site visitors, as well as for search engines. It makes use of plugins to process the various components used in a site. Plugins for VirtueMart, Fireboard, Community Builder, iJoomla Magazine, and more are included. A complete list can be found here .

To build up on Joomla SEF URL, it comes with shCustomTags, a module to build and insert in your pages titles and meta tags, insert h1 or h2 tags where needed, and much more. Lastly, it is also a security components : it performs various checks to increase your site security against external attacks.

Main features and advantages:

Joomla SEF and URL rewriting

  • Easy to use : a traditionnal operating mode using mod_rewrite and a .htaccess file, but also a new mode which does not require .htaccess file at all
  • Fast: sh404SEF has a dual URL cache : in memory and in the database. This reduces a lot the number of queries made to the database. On this very site for instance, I have counted:
  • Easy transition if your site currently has either no SEF URL, or uses standard Joomla SEF URL (URL similar to,en). If a search engine or a visitor requests a page using the old style address, because that is what is currently stored in Google or Yahoo, sh404SEF will  automatically perform a 301 redirection to the new address. No need anymore to do this redirection manually in your .htaccess, no risk of damaging your search engines results.
  • Works with Joomfish: translate URL and/or insert a language code. Either can be switched on or off in the backend, on a component by component basis. (tested also with the upcoming Joomfish 1.8 beta release)
  • Integrated Title,Meta, Robots and language tags : automatic generation, plus manually entered tags on a URl by URL basis
  • Duplicate content reduction : very few different URL for the same content. For instance, homepage will always be rewritten to (or No more,,, etc. Several parameters in the backend to manage Itemid if needed, but default settings work well in most cases.
  • Custom plugins for main components, producing nice URLs. You’ll have much control over the output of these sh404SEF plugins, as many parameters are available in the backend.
  • Can use OpenSEF and SEF Advanced sef_ext plugins. No warranties, but tested on SOBI2, Bookmarks, Alphacontent and iJoomlaMagazine
  • Can insert a unique numerical ID in content URL, for inclusion in services such as Google News. Can be switched on or off in the backend, for each category.
  • Manage SSL switch, including using shared SSL. Very useful when using Virtuemart
  • 404 errors logging. Can be turned off in the backend.
  • Interface: English, French, Spanish, German, Italian, Hungarian, Russian, Dutch

Security component

sh404SEF will perform the following checks on all incoming requests (on GET and POST data):

– presence of a mosConfig_xxx variable
– presence of a command
– presence of base64_encode command
– presence of txt files associated with jpg or similar files
– check that variables are numeric only (the variable list is set in backend, comes with a predefined list)
– check that variables are alpha-numeric only (the variable list is set in backend, comes with a predefined list)
– check that variables do not contain http:// or ftp:// (the variable list is set in backend, comes with a predefined list)
– check
incoming IP (white list/ black list set in backend, can have wildcards like 80.89.90.*)
– check incoming
UserAgent string ((white list/black list set in backend)
anti-flooding system : check number of requests from same IP in a given time period (count and period set in backend, applied on all requests,or only on requests with POST data – ie : forms : protect against spam robots
– optional checkup of incoming IP with Project Honey Pot (a free, real-time database of known spammers and attackers IP address)

This protection is applied on SEF URL, Joomla SEF URL and Joomla standard URL. Attacks are logged, and kept for a user set number of month. Failure to one of this test results in a 403 page being displayed. On some tests, the 403 page has a javascript link embedded so that false positive (ie – humans) can still access the requested page.