So I am creating a template system that is the same across multiple sites, the only thing that changed is the configuration file. I am making so all the files are getting fetched from the root directory. I can do it with all my php and html files, but I can't see to figure it out on my .htaccess file. How the directory is set up is /home/user_name/template and then there are also folders like /home/user_name/site1.com and all off the sites. So how can I make all of the site use the same .htaccess file. I hope that makes sense!
According to Wikipedia
A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. They are placed inside the web tree, and are able to override a subset of the server's global configuration for the directory that they are in, and all sub-directories
From Oracle-Docs :
If you enable .htaccess files, the server checks for .htaccess files before serving resources. The server looks for .htaccess files in the same directory as the resource and in that directory's parent directories, up to and including the document root.
For example,
if the Primary Document Directory is set to /oracle/server/docs
and a
client requests /oracle/server/docs/reports/index.html,
the server will check for :
.htaccess files at /oracle/server/docs/reports/.htaccess and /oracle/server/docs/.htaccess.
suppose you have 2 sites and you want to setup .htaccess for both your both sites using a single file
then just create the file structure like following
parent
site1
site2
.htaccess
Here upload all data of site1 into the site1 folder and so on.
If the server is a linux/posix system, you can create a symbolic link to the root .htaccess file.
This should be something like
cd /home/user_name/site1.com
ln -s ../template/.htaccess .
Beware the file permissions, so only you can write to it.
Related
I have the CakePHP framework installed on my www.vimundos.com linux server, before installing CakePHP in my public_html, I issued a SSL certificate successfully using Let's Encrypt which created a .well-known/acme-challenge/ directory containing some content crucial to the certificate.
Of course after installing the framework, my certificate was removed. CakePHP is not allowing direct access to the directory, I tried using the Route::redirect() feature to map .well-known/* urls to the directory, but i only get a ERR_TOO_MANY_REDIRECTS error.
Not much to do with CakePHP here. You need to update your .htaccess file (if using Apache) or nginx config not overwrite ./well-known/acme-challenge URL. Something like here: How do I ignore a directory in mod_rewrite?
It's implicit from what's in the question that you have this:
public_html
composer.json
.htaccess
index.php
...
webroot
.htaccess
index.php
css
img
js
.well-known
Whatever version of CakePHP you are using, nothing outside the webroot directory is supposed to be directly accessible, and as such neither is the .well-known folder.
There's a very simple solution, just move it into the webroot directory:
public_html
composer.json
.htaccess
index.php
...
webroot
.htaccess
.well-known <- moved
index.php
css
img
js
Note that "webroot" is supposed to be the apache document root if at all possible (a production style install), not a folder in the document root (a development style install).
Let's assume we have a shared host. The web root is located in /home/username/www/. Now, I have a PHP application which reads a configuration file, located at /home/username/www/include/config.json. This configuration file stores passwords and other configuration information. Assuming that access to /home/username/ or any directory outside the web root is not possible, how would I go about securing config.json from people directly GETting it?
If storing configuration information in a plaintext file is not feasible, please advise on other ways to do so.
There are two ways for secure your directory structure and prevent reading other files and content in your directory.
Disable directory content listing
Using htaccess
Putting the following the .htaccess file shall disable directory listing.
Options -Indexes
Using index.html
If the server does not allow this, then the easiest way is to put a dummy index.html file in all directories.
So that when directory path is accessed, the index.html will open up.
Keep resources outside WEB_ROOT
When hosting applications on a server , the path is generally like this :
/var/www/
OR
/home/username/www/
All web content is kept inside www , then only it is accessible on a website. But those contents which are not meant to be directly accessible from a url , can be kept outside the /www.
For example uploaded images , or resource files , or files containing database connection parameters or anything.
php files to be called by browser in
/var/www/
Other resource files in
/var/outside/
By doing this the files automatically become invisible to outside world even if directory listing is enabled.
You need a .htaccess file in your include directory that will make it unavailable from outside:
Options -Indexes
Order allow,deny
Deny from all
or for apache 2.4
Options -Indexes
Require all denied
Another solution would be to move the include to /home/username/include
I need to know if after creating the .htaccess file I have to call it within the index page, knowing that the main page is unique (only index.php) and all pages are taken from a database.
The web server that I use Apache.
The file with filename .htaccess is an extension to the webserver configuration (most commonly httpd.conf) that is loaded automatically by Apache when a file or script is loaded or executed in the directory, or any child-directories, where the .htaccess file is placed.
Furthermore, php scripts (or any scripts for that matter) have no knowledge at all of the existence of a .htaccess, nor should they care. They can be depended on configuration settings however, eg. any rewrite rules that pipe all incoming requests through a so-called front-controller (most commonly index.php), but they do not know of it's existence. Any configuration could also be placed somewhere else in the configuration tree.
For further info I'd advise you to read about Apache, or webservers in general, and learn how a common (http) request is fulfilled. It'll give you some understanding of what the .htaccess file exactly does, and does not, and how it is related, or unrelated, to any scripts.
You don't need to explicitly call the htaccess file from any of the php pages
htaccess rules will automatically apply to all the files and sub folders within the specific folder where htaccess file is placed
You cannot call the .htaccess file, it is an instruction set to the server on how to handle requests (amongst other things). You should place it in the root directory and Apache will look for it automatically when a request to the server is made for any webpage or other file.
You can also have a .htaccess flie in each folder (directory) to control requests specific to it.
I have just installed a CMS and all of my page name file extensions have now changed to .php instead of .html. I am told that editing the .htaccess is the best way to achieve this, however, in order to do that I have to change that in the root of my hosting account and I have multiple domains in my account (hostgator) and I only want the rule to apply to one domain specifically - not all domains. How do I achieve this?
.htaccess files are per-directory settings. You are correct that if you place one in your root directory it will affect all your domains, but the root directory is not the only place a .htaccess file is allowed -- you may put them in your domain-specific folder if you'd like that set of rules to only apply to that domain.
htaccess files affect the directory they are placed in and all sub-directories, that is an htaccess file located in your root directory (yoursite.com) would affect yoursite.com/content, yoursite.com/content/contents, etc. It is important to note that this can be prevented (if, for example, you did not want certain htaccess commands to affect a specific directory) by placing a new htaccess file within the directory you don't want affected with certain changes, and removing the specific command(s) from the new htaccess file that you do not want affecting this directory. In short, the nearest htaccess file to the current directory is treated as the htaccess file. If the nearest htaccess file is your global htaccess located in your root, then it affects every single directory in your entire site.
source
Is it possible to hide a folder from the www directory so that the php files will not be seen if you access it through a web browser?
I'm doing this because I'm not yet good enough to secure those files and the mysql database that they are manipulating.
Or even a trick that would make the web browser not to be able to access the localhost is fine. Please
If you have a directory and you don't want Apache being able to serve any file that's in it, you can create a .htaccess file in that directory, containing :
Deny from all
This will make sure Apache refuses serving any file from that directory -- but they will still be accessible by PHP scripts running from another directory or from the command-line.
If you want Apache to be able to serve the files, but not list the content of the directory when a user accesses that directory without any filename in the URL, you can use this in your .htaccess file :
Options -Indexes
This will disable listing of files inside the directory that contains the .htaccess file -- but will not prevent Apache from serving the files themselves.
Just put the files outside of the document root and include them from there.
A very simple trick if you don't have Apache, hence no access to .htaccess (that sounds like I'm repeating myself), just create a file index.htm or index.html containing NOTHING. Any attempt to access that folder will just show a blank page.