XF 2.2 Any way to stop generating "index.php?_debug=1" page unless debug mode is specifically enabled in the config.php?

ShikiSuen

Any way to stop generating "AnyPHPPage.php?_debug=1" page unless debug mode is specifically enabled in the config.php?

I am writing an addon disabling some over-information in the footer debug:
(Hotlink towards the "AnyPHPPage.php?_debug=1" has been removed; Only Data-Template appears in the popup.)

The rest is to either stop the generation of "AnyPHPPage.php?_debug=1" or block its access, and I have no clue with that.

P.S.: AnyPHPPage may refer to index.php or admin.php... any XF php page accessible in the public, including the admincp login page.
 
Update: I tried using the following Nginx rewrite rule but it doesn't work:

Code:
rewrite ^/(.*)_debug=1(.*)$ https://www.gotohell.com permanent;
 
Someone suggested this idea to me and it works well as a workaround:
NGINX:
if ( $query_string ~* ^(.*)_debug=1(.*)$ ) {
    return 444;
}
However, I wonder whether there's an official solution to stop generating such webpage.
 
I am not sure if I understand the question:
Debug pages (?_debug=1) are only available if debug mode is enabled, so what exactly do you want to prevent?
 
I am not sure if I understand the question:
Debug pages (?_debug=1) are only available if debug mode is enabled, so what exactly do you want to prevent?
Debug pages at this moment (in XF 2.2.5) are enabled even if you disabled debug mode in config.php, as long as your development mode is enabled.
 
Debug pages are only available if debug mode is enabled, though you are right - development mode implicitly enables debug mode.
So what you want to achieve is to not have debug mode implicitly enabled if development mode is enabled?
 
Debug pages are only available if debug mode is enabled, though you are right - development mode implicitly enables debug mode.
So what you want to achieve is to not have debug mode implicitly enabled if development mode is enabled?
Yes. We need some hot modifications towards "template modification" area which require dev mode to edit.
 
Yes. We need some hot modifications towards "template modification" area which require dev mode to edit.
You'd be most likely better off to only turn on debug and development mode for certain IP addresses in your config then instead. That'll save you the headache of filling all the security holes you open up with it
 
You can stop generating by adding this to config.php:
PHP:
$c->extend('request', function($o, $c)
{
    $o->set('_debug', 0);

    return $o;
});
 
You'd be most likely better off to only turn on debug and development mode for certain IP addresses in your config then instead. That'll save you the headache of filling all the security holes you open up with it
I tried IP-Address-based setup in the config file but it doesn't work.
Plus, ISPs in Mainland China only give us dynamic IPv4 addresses.
(Most infrastructures are not that compatible with IPv6 yet.)
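
The per-IP approach suggested in the thread, written out for src/config.php as an added example (not code from any poster or from XenForo). The `$devNetworks` entries are constructed documentation-range placeholders and `$ipInCidr` is a hypothetical helper; `$config['debug']` and `$config['development']['enabled']` are the standard XenForo config keys, and the code assumes the site is not behind a reverse proxy.

```php
<?php
// Added example for src/config.php; not XenForo's or any poster's code.
// Constructed placeholder networks (documentation ranges), replace with your own.
$devNetworks = ['203.0.113.10/32', '198.51.100.0/24', '2001:db8:1234::/48'];

// Hypothetical helper: true when $ip lies inside $cidr (IPv4 or IPv6).
$ipInCidr = function (string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input, or IPv4 compared against IPv6
    }
    if ($bits !== null && !ctype_digit($bits)) {
        return false; // fail closed on a malformed prefix such as "/abc"
    }
    $max  = strlen($ipBin) * 8;
    $bits = ($bits === null) ? $max : (int) $bits;
    if ($bits > $max) {
        return false;
    }
    $fullBytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $fullBytes) !== substr($netBin, 0, $fullBytes)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // high $rest bits of the partial byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
};

// REMOTE_ADDR is the TCP peer. Assumption: no reverse proxy or CDN in front,
// otherwise this is the proxy's address and every visitor looks the same.
// It is unset on the CLI, so both modes stay off there.
$clientIp = $_SERVER['REMOTE_ADDR'] ?? '';
$isDev = false;
foreach ($devNetworks as $cidr) {
    if ($ipInCidr($clientIp, $cidr)) {
        $isDev = true;
        break;
    }
}

// Development mode implies debug mode, so both are gated on the same check.
// Visitors outside the listed networks get neither, and no ?_debug=1 output.
$config['development']['enabled'] = $isDev;
$config['debug'] = $isDev;
```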
 