I'm building an application for broad distribution and I want to change the way it's routed so that all the files can exist in the document root but still be secure as if they were above the doc root.
The ideal set up would be to house the application folder above the docroot like so:
/home
/---/username
/---/--->application
/---/---/--->all application files
/---/--->public_html
/---/---/--->all public files
But I know this isn't ideal for all potential users of my app, so I'd prefer to move this to a structure like so:
/home
/---/username
/---/--->public_html
/---/---/--->application
/---/---/---/--->all application files
/---/---/--->public
/---/---/---/-->all public files
Basically just putting everything within the doc root, forbidding access to the application directory, and routing all requests to the public folder, so that we can get the same security of having files above the doc root, but making it simpler for those that may not want this type of set up for their shared hosts.
I was thinking of using an include inside public_html/index.php that would include public_html/public/index.php but I can't seem to get that to work.
Any help would be appreciated.
As I understand it you want to have home/username/public_html as the real Apache Document Root, deny access from the /application directory and, ideally, route all web requests into the /public sub-directory instead (presumably for users not on dedicated servers who can't install outside of the docroot) ... If I've misunderstood the question let me know and I'll update/remove the answer ;)
You should be able to achieve this with an .htaccess file in /home/username/public_html like:
RewriteEngine on
# deny access to the application directory
RewriteRule ^application/? - [F]
# route all requests to the public directory that aren't already there
RewriteRule ^(?!public/)(.*)$ /public/$1 [L,QSA]
Any attempts to access the /application directory will result in a 403 error and all requests to http://www.myserver.tld/file.ext will be routed to http://www.myserver.tld/public/file.ext.
Caveat: To prevent recursive loops of the redirect, the rewrite rule will not redirect any URL path that already begins with /public ... this means that any file under /public will be accessible on both the http://www.mysite.tld/filename.ext and http://www.mysite.tld/public/filename.ext - which may upset search engines.
To be extra safe you could also add an .htaccess file to the /application directory like:
Deny from all
Use this.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public_html/ [L]
RewriteRule (.*) public_html/$1 [L]
</IfModule>
Are you using any framework in your app?
Have you a sample of code we could access to understand your problem?
Basically, you just need an htaccess in your public_html folder that redirect the request to the public folder and disable the access to any other directory than public.
Related
Site location: http://localhost/~username/website
The website loads lots of images with an absolute url such as /image/image.png.
I need that request to go to:
http://localhost/~username/website/image/image.png
instead of
http://localhost/image/image.png.
I also need this to not affect any other folders or the root folder. So that I could also access http://localhost/image/image.png if I wanted to.
Is there some way of making it so that when it's requested from this subfolder to redirect?
I want the absolute reference like /css/something.css and /image/image.png to points to /subdirectory/css/something.css and /subdirectory/image/image.png. That way I don't have to rewrite all the absolute references. So, I don't want to modify the root directory.
I'm wondering if setting up a virtual host that would not allow the subdirectory "website" to have no ability to access the root. I don't ever need root access from this folder.
Be sure you are allowed to use .htaccess file in your webserver. Look at this how to enable in apache:
https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
Create a .htaccess file in root or ~username/website directory Then write this to your .htaccess file:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^~username/web/image/(.*) /image/$1
Why the requirement to use /image/image.png? Why wouldn't you just use one of these instead:
http://localhost/~username/website/image/image.png (absolute)
image/image.png (relative without preceding slash)
You can use this rule in root .htaccess OR in Apache/vhost config:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/~
RewriteRule ^(.*)$ ~username/website/$1 [L]
I have a Laravel app, and the document root of host is configured at Laravel root folder (upper directory of public).
I tried the following .htaccess to silently rewrite URLs, but it keeps redirecting me to /public, instead of showing domain URL and rewriting it to /public
RewriteEngine On
RewriteRule ^(.*)?$ /public$1 [L,NC]
I want to visit example.com and see my Laravel app, not redirecting user to example.com/public.
This will help you definitely
: Removing the /public segment in a Laravel 4 app
http://creolab.hr/2013/03/removing-the-public-segment-in-a-laravel-4-app/
Create a front controller in the document root, call it index.php. Use this front controller to invoke the front controller in the public folder. Make sure you add the .htaccess to that document root prohibiting all sensitive data from being accessed.
Under my root web directory, I have this two files:
aboutus.php
about-us.php
Now going to this URL http://local.com/about-us.php will render the file about-us.php. If I will do the inverse, how can I dictate the .htaccess that whenever the URL above is access, the aboutus.php will be rendered?
If you have access to the whole server config, the most efficient way to do this is to use mod_alias. Unfortunately this needs to be done in VirtualHost config - which is only accessible if you got root access to that server.
Alias /about-us.php /full/local/path/to/aboutus.php
If you cannot edit the VirtualHost config, use mod_rewrite (needs more server resources though, as every request has to be matched to those rules):
RewriteEngine On
RewriteRule ^about-us.php aboutus.php [L]
Should do the trick.
I have codeigniter project lets say example.com. In my public_html folder on my server, i created a folder called test and i want to be able to access some file via the web using example.com/test/somefile.php
Since i also have a codeigniter project in the same public_html directory, i always get a codeigniter page not found error when i try example.com/test/somefile.php.
How can i basically tell my server or codeigniter project that the folder "test" is not part of the codeigniter app?
In your .htaccess at the root of public_html, you probably have something like this for routing everything through index.php:
Example taken from the CI user guide: http://codeigniter.com/user_guide/general/urls.html
RewriteEngine on
# If the path doesn't start with one of these...
RewriteCond $1 !^(index\.php|images|robots\.txt)
# ...send the request to index.php/REQUEST
RewriteRule ^(.*)$ /index.php/$1 [L]
Just add "test" to the pipe delimited group, or whatever you need to do to allow access to the directory with your configuration:
RewriteCond $1 !^(index\.php|test|images|robots\.txt)
# ^^^^
Without this CI requires index.php in the URL - there's no way to actually have your Codeigniter app itself redirect, rewrite URLs, or block access to the /test directory, it's generally all done through an .htaccess file.
All,
I want to redirect all traffic that comes to http://mysite/ to http://mysite/public folder. Currently I am doing this using the below in an .htaccess file and it works for the root directory. But if I browse to http://mysite/application, it doesn't redirect and shows the directory listing. I want all traffic regardless of what folder it is to redirect to http://mysite/public folder
RedirectMatch permanent ^/*$ /public/
Thanks
Try this mod_rewrite example:
RewriteEngine on
RewriteRule !^public/ /public%{REQUEST_URI} [L,R=301]
I see that you're using Zend Framework. Zend uses 'public' as the exposed web folder, but you should use the folder dictated by your web host. What is the name of the server-side folder that is exposed to the web? Your file structure should be like this:
application/
[web_exposed_dir]/
library/
In my case, the [web_exposed_dir] is called 'content'. You won't have to redirect everything to 'public' if you do it the way I've outlined.