I have a Laravel app, and the document root of host is configured at Laravel root folder (upper directory of public).
I tried the following .htaccess to silently rewrite URLs, but it keeps redirecting me to /public, instead of showing domain URL and rewriting it to /public
RewriteEngine On
RewriteRule ^(.*)?$ /public$1 [L,NC]
I want to visit example.com and see my Laravel app, not redirecting user to example.com/public.
This will help you definitely
: Removing the /public segment in a Laravel 4 app
http://creolab.hr/2013/03/removing-the-public-segment-in-a-laravel-4-app/
Create a front controller in the document root, call it index.php. Use this front controller to invoke the front controller in the public folder. Make sure you add the .htaccess to that document root prohibiting all sensitive data from being accessed.
Related
I have two different htacces. One on the root of project and the other one on a subfolder:
root
.htaccess
api
.htaccess
I need to rewrite rule to a specific route on api folder.
In the first .htaccess (inside root) I wrote (but it doesn't works):
RewriteRule "^sitemap\.xml" "/api/aaa/bbb" [L,QSA]
where
/api/aaa/bbb
is a public route (https://myhost.com/api/aaa/bbb) and api folder has the public subfolder with index.php
So I need to have the response of /api/aaa/bbb with the url https://myhost.com/sitemap.xml
How can I rewriterule (not redirect 301) to this specific laravel folder
Do not use .htaccess. Use the exactly path into the route
$router->get('sitemap.xml', 'MyController#myMethod');
Now you can call https://myhost.com/sitemap.xml
and it will load MyController#myMethod
I'm building an application for broad distribution and I want to change the way it's routed so that all the files can exist in the document root but still be secure as if they were above the doc root.
The ideal set up would be to house the application folder above the docroot like so:
/home
/---/username
/---/--->application
/---/---/--->all application files
/---/--->public_html
/---/---/--->all public files
But I know this isn't ideal for all potential users of my app, so I'd prefer to move this to a structure like so:
/home
/---/username
/---/--->public_html
/---/---/--->application
/---/---/---/--->all application files
/---/---/--->public
/---/---/---/-->all public files
Basically just putting everything within the doc root, forbidding access to the application directory, and routing all requests to the public folder, so that we can get the same security of having files above the doc root, but making it simpler for those that may not want this type of set up for their shared hosts.
I was thinking of using an include inside public_html/index.php that would include public_html/public/index.php but I can't seem to get that to work.
Any help would be appreciated.
As I understand it you want to have home/username/public_html as the real Apache Document Root, deny access from the /application directory and, ideally, route all web requests into the /public sub-directory instead (presumably for users not on dedicated servers who can't install outside of the docroot) ... If I've misunderstood the question let me know and I'll update/remove the answer ;)
You should be able to achieve this with an .htaccess file in /home/username/public_html like:
RewriteEngine on
# deny access to the application directory
RewriteRule ^application/? - [F]
# route all requests to the public directory that aren't already there
RewriteRule ^(?!public/)(.*)$ /public/$1 [L,QSA]
Any attempts to access the /application directory will result in a 403 error and all requests to http://www.myserver.tld/file.ext will be routed to http://www.myserver.tld/public/file.ext.
Caveat: To prevent recursive loops of the redirect, the rewrite rule will not redirect any URL path that already begins with /public ... this means that any file under /public will be accessible on both the http://www.mysite.tld/filename.ext and http://www.mysite.tld/public/filename.ext - which may upset search engines.
To be extra safe you could also add an .htaccess file to the /application directory like:
Deny from all
Use this.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public_html/ [L]
RewriteRule (.*) public_html/$1 [L]
</IfModule>
Are you using any framework in your app?
Have you a sample of code we could access to understand your problem?
Basically, you just need an htaccess in your public_html folder that redirect the request to the public folder and disable the access to any other directory than public.
I have a problem with Codeigniters Security.
My Codeigniter Installation has the Application Folder, System Folder and a Assets Folder.
In my Assets Folder there is a Third Party PHP Script.
I want to Call this Script: DOMAIN/assets/FOLDEROFEXTERNALSCRIPT/EXTERNALPHPSCRIPT.php
Is there a option that i can call this File over the URL without a Controller?
I hope you have removed index.php from your url's which is done by either adding the below rewrite rules in the .htaccess file at your DOMAIN root directory, or by adding these rewrite rules in the virtual hosts.
Below rule means, to rewrite every url to index.php?params except if the current url contains "index.php or assets in it", now you can put any static content or even core PHP scripts in this folder to be access directly, with having CI in picture.
In your .htaccess file just add "assets" folder in the bypass rule, along with index.php
RewriteEngine on
RewriteCond $1 ^!(index\.php|assets)
RewriteRule ^(.*)$ /index.php?$1 [L,QSA]
Under my root web directory, I have this two files:
aboutus.php
about-us.php
Now going to this URL http://local.com/about-us.php will render the file about-us.php. If I will do the inverse, how can I dictate the .htaccess that whenever the URL above is access, the aboutus.php will be rendered?
If you have access to the whole server config, the most efficient way to do this is to use mod_alias. Unfortunately this needs to be done in VirtualHost config - which is only accessible if you got root access to that server.
Alias /about-us.php /full/local/path/to/aboutus.php
If you cannot edit the VirtualHost config, use mod_rewrite (needs more server resources though, as every request has to be matched to those rules):
RewriteEngine On
RewriteRule ^about-us.php aboutus.php [L]
Should do the trick.
I have codeigniter project lets say example.com. In my public_html folder on my server, i created a folder called test and i want to be able to access some file via the web using example.com/test/somefile.php
Since i also have a codeigniter project in the same public_html directory, i always get a codeigniter page not found error when i try example.com/test/somefile.php.
How can i basically tell my server or codeigniter project that the folder "test" is not part of the codeigniter app?
In your .htaccess at the root of public_html, you probably have something like this for routing everything through index.php:
Example taken from the CI user guide: http://codeigniter.com/user_guide/general/urls.html
RewriteEngine on
# If the path doesn't start with one of these...
RewriteCond $1 !^(index\.php|images|robots\.txt)
# ...send the request to index.php/REQUEST
RewriteRule ^(.*)$ /index.php/$1 [L]
Just add "test" to the pipe delimited group, or whatever you need to do to allow access to the directory with your configuration:
RewriteCond $1 !^(index\.php|test|images|robots\.txt)
# ^^^^
Without this CI requires index.php in the URL - there's no way to actually have your Codeigniter app itself redirect, rewrite URLs, or block access to the /test directory, it's generally all done through an .htaccess file.