I'm in the dev environment and I have preference on using Apache instead of symfony default server.
I installed symfony/apache-pack as suggested in documentation but my app is currently under public folder - http://localhost/SITENAME/public/.
I.e. If I type http://SITENAME in a browser I get a list of folder structure which I believe is unsafe. Will adding .htaccess "Options -Indexes" rule file inside root folder fixes the problem?
I believe the default path shoot be: http://localhost/SITENAME or http://localhost/SITENAME/route-name. How do I achieve that?
Related
Following an audit, I've been tasked to remove extraneous files from the Twig 1.x vendor directory in one of our sites. Planning on removing /twig/twig/doc, /twig/twig/test and see if anything breaks.
What about /twig/twig/ext/twig/run-tests.php, or the entire "ext" directory?
Does anyone have prior experience weeding a default Twig 1.x installation for production environments? Any assistance or advice gratefully welcomed.
The correct action would be to update your site's layout so that these files are outside your web server's document root -- then you don't have to worry about what to delete and what to leave. You probably have something like this, where your web server's document root is pointing directly at /path/to/project:
/path/to/project
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
index.php
This means anybody can directly request http://yourdomain.com/twig/twig/test/some_file.php
What you want is more like this:
/path/to/project
/public
index.php
/lib
foo.php
bar.php
/twig
/twig
/doc
/test
Then configure your web server so that its document root is /path/to/project/public. Then your application code can still include() things in /twig and /lib, but your web server won't directly serve them.
If your removing files from the vendor directory they'll come back the next time you do a composer install so this seems kind of pointless.
The files you mention (docs and test) are causing no harm other than taking up space as they are not directly called, but that's just a downside to any package management system. Like #Alex said as long as they are not publicly accessible there is no need to worry.
If you really want Twig without the extra files you could fork the project, move it into your own Git repo then reference that in your composer.json instead of the official one - but you will miss out on any updates from Twig.
We're running on Apache, so the easiest solution was to simply add a .htaccess file to the top vendor directory:
# Prevent non-local access to the vendor directory.
Order deny,allow
Deny from all
Directory structure:
/root
/vendor
.htaccess
/twig
...
/includes
...
Now the PHP scripts continue to have access, but external attempts to view anything inside the vendor directory return a 403 error.
Is there any way to change the default folder structure of zend framework 2?
My specific need is to remove/rename public folder.
Also, I would like to remove public from URL also.
I tried many things using htaccess but nothing works for zend 2.
The default folder structure is just a convention, there's nothing particular that relies on it. However, it is a sensible convention, and instead of trying to change it you should probably try and fix the real problem instead.
If public/ is appearing in the URL, either your VirtualHost is not setup correctly or you're using shared hosting and can't change the VirtualHost. The installation instructions have example vhosts for Apache - the key thing is having your document root pointing at the public folder, not the application root.
I am using Cakephp3 and would like to know if there is a better alternative to relocating the config folder.
The issue rises from the fact that everytime I have to refresh the production app, i copy over the entire app from development to production and reconfigure the required settings in the config folder.
After some iterations of this process, I started to make a backup of the config folder and after copying the app, restore the config folder.
After some time even this started to get tedious, so I ended up hacking the cake files and folders.
I relocated the config folder outside the root directory
Created a symbolic link in the root directory poiting to the config directory outside the root directory.
Updated the ROOT constant in config/paths.php to the real root folder
In webroot/index.php redefined the bootstrap.php require location
So as long as long as I dont update the cakephp core, I can copy over the dev app to the prod app and all the config stays the same.
I would like to know if some one has a simpler approach.
Thanks
After some research and reading carefully the comments in related bootstrap file, I found a solution for, well at least, my problem.
The problem basically was that I had to refresh the database, email, debug settings define in the app.php file, everytime I uploaded the app from my dev server to my prod server.
Reading the comments in the bootstrap file I found the comment which stated:
Load an environment local configuration file.
You can use a file like app_local.php to provide local overrides to your
shared configuration.
So this allows me to redefine the configurations defined in the app.php file. However I wanted this to me more dynamic, so I ended up creating an APP_INSTANCE_NAME constant in the bootstrap.php file of the webroot directory as follows
// /config/bootstrap.php
define('APP_INSTANCE_NAME', strtolower(gethostname()));
and later in the bootstrap file, i did the following:
Configure::load('app_' . APP_INSTANCE_NAME, 'default');
with this change, the configuration that gets loaded is based on the server hostname and I dont have to relocate the config folder. Hope this helps someone with cakephp3
Thanks to jason and greg's comments which motivated me to read the comments more carefully.
I'm new in Laravel 5.
I found this Laravel 5 - Remove public from URL on Stack Overflow to remove public folder from my Laravel 5 App. Only I have a question about the security.
When I am removing public from URL, then I have to change the basic folder structure of Laravel 5. Yes, it's working fine without the public from the URL.
But what's about the security of Laravel, because I am changing the default folder structure? Is it secure to use?
You should be pointing your Apache host root to the $LARAVEL_PATH/public directory instead of $LARAVEL_PATH.
The point of having sub directory for www host root instead of project root is that you're not leaking any of your project files through your web server.
Even though all the PHP files have the file suffix .php, malicious user can access your $LARAVEL_PATH/storagedirectory and its subdirectory contents, read your composer.json or package.json to find vulnerable dependencies or read .env file etc.
If you're running on shared hosting and you have mandatory public_html, try installing Laravel outside of that public_html directory and either removing public_html (if empty) and replace it with symlink to $LARAVEL_PATH/public OR if you want the Laravel instance to be subdirectory ofpublic_html, do the same but create symlink from$LARAVEL_PATH/publictopublic_html/$PROJECT_SUBDIR`.
That public directory is there for reason to make project a bit more secure. Solve the actual problem and don't try to break this simple but nice security addition. :)
you this link you provided is not about changing the actual file structure of the framework, this example uses mod_rewrite to rewrite the url of your application. In other words you are telling your server that you would like to point to that directory without the full path is visible to the end user.
Also take a look on the below answers of the link you've provided.
Rename the server.php in the your Laravel root folder to index.php and
copy the .htaccess file from /public directory to your Laravel root
folder. -- Thats it !! :)
I am a cakephp newbie and I had trouble to view the files under the view folder through browser.
I used cakephp console to bake model, controller and views. (ex: Invoices_controller.php for controller, invoice.php for model and a invoices folders under views folder). According to the tutorial I read, I can access the invoice view by typing http://localhost/myProject/invoices
(there is no index.php inside the invoices folder..but the tutorial shows it still can display a page. no idea how they did it)
The path for my invoices is myProject/views/invoices and there add.ctp, index.ctp, edit.ctp files inside the invoices folder.
The browser showed the file is not found when I typed http://localhost/myProject/invoices
You have some lack in your knowledge about how the webserver handling a request when cakephp is installed. Assume that we use apache.
In cake's folder structure you can see .htaccess files in the root, app and webroot directories what have url rewrite rules in them. At the end a normal request to a cakephp site will be transformed to a http://site.url.root/app/webroot/index.php?url=original.url
In nutshell to understand it in your point of view:
That index.php call the required php files and at least a cakephp app object is built up in the memory with the required models and methods. Then the app object let say start and calls its methods (model, controller and view methods) and at the end it gives back a result to apache what serves it to you.
Therefore the original url path is a "non existent" virtual url.
If you enter http://localhost/myProject/ do you get a cake intro page? If so does it highlight any problems?
It sounds to me as if you do not have Apache set up properly. I don't know what OS you're using, but it might be worth checking this link, written for Ubuntu, to make sure all is well: http://leoponton.blogspot.com/2010/05/getting-cakephp-up-and-running-on.html
I fixed the same problem.
if you are using windows 7 os, wamp server, cakephp 2.2.3. then
goto apache -> http.conf -> open -> search for mod_rewrite -> uncomment the line LoadModule rewrite_module modules/mod_rewrite.so
Now restart your server, now it should work fine.
Jerry, I think the issue is this. You have put the CakePHP folder in the root of localhost. I would propose that you create a virtual host pointing the myProject so the url becomes:
http://myProject/accounting
This may solve your problem. Be sure rewrite module is on. Also, when you point the virtual host to myProject, it should be the APP folder of the cakephp. If you want to run multiple projects off the same core, you can set them up like so:
/var/www/cake
/var/www/html/myProject
/var/www/html/myProject2
The /var/www/cake directory is where you drop the cake core. Under this directory you will have cake, app, plugins, vendors, etc. the myProject(2) directories will be the contents of the app directory.
Now, to get this to work, you need to go to /var/www/html/myProject/webroot/index.php and edit it to point to the cake directory in /var/www/cake. This will then load the core when rewrite points to index.php in webroot. You should be good to go!