I have codeigniter project lets say example.com. In my public_html folder on my server, i created a folder called test and i want to be able to access some file via the web using example.com/test/somefile.php
Since i also have a codeigniter project in the same public_html directory, i always get a codeigniter page not found error when i try example.com/test/somefile.php.
How can i basically tell my server or codeigniter project that the folder "test" is not part of the codeigniter app?
In your .htaccess at the root of public_html, you probably have something like this for routing everything through index.php:
Example taken from the CI user guide: http://codeigniter.com/user_guide/general/urls.html
RewriteEngine on
# If the path doesn't start with one of these...
RewriteCond $1 !^(index\.php|images|robots\.txt)
# ...send the request to index.php/REQUEST
RewriteRule ^(.*)$ /index.php/$1 [L]
Just add "test" to the pipe delimited group, or whatever you need to do to allow access to the directory with your configuration:
RewriteCond $1 !^(index\.php|test|images|robots\.txt)
# ^^^^
Without this CI requires index.php in the URL - there's no way to actually have your Codeigniter app itself redirect, rewrite URLs, or block access to the /test directory, it's generally all done through an .htaccess file.
Related
I have a very legacy php application, that I'm trying to update to Symfony.
The application currently has a structure similar to this:
/www <-current web root
php_page1.php
php_page2.php
php_pagen.php
/dashboard
dashboard_page1.php
dashboard_page2.php
dashboard_pagen.php
The pages have helper files full of functions and the like, and there's also a few folders full of assets, but that's not really important. So to access a given page you'd point your browser to domain.com/php_page1.php or domain.com/dashboard/dashboard_page1.php... there's no front controller. All pages are accessed directly.
All in all, there's too much to refactor at once, so I want to do it in peices, one page at a time.
What I want to do is install symfony on top of what I have now, so the symfony structure will co-exist with what's currently here:
/www <-legacy
php_page1.php <-legacy
php_page2.php <-legacy
php_pagen.php <-legacy
/app <-symfony
/dashboard <-legacy
dashboard_page1.php <-legacy
dashboard_page2.php <-legacy
dashboard_pagen.php <-legacy
/src <-symfony
/web <-symfony (new web root)
.htaccess <-symfony (points to app.php)
app.php <-symfony (front controller)
I've successfully installed Symfony and migrated a sample legacy page over (Please note the web root moved). This works great.
The trouble is, ultimately, I need Apache to serve the legacy pages if they exist, and go through front controller (app.php) if they do not.
Here's what I've tried.
I've tried various .htaccess rules to try and make Apache serve files in /www and /www/dashboard. These fail, with Symfony telling me there's no route to match to.
I've also tried Symfony's $this->redirect('..\www\php_page1.php');. This fails with Symfony telling me "Looks like you tried to load a template outside of configured directories."
Finally I tried to add /dashboard as a route:
/**
* #Route("/cvdashboard/{file}")
*/
public function cvdashboardAction($file) {
return $this->render("#dashboard/$file");
}
And added a twig path:
twig:
...
paths:
'%%kernel.root_dir%/../dashboard':dashboard
This yealds three exceptions:
FileLoaderLoadException in FileLoader.php line 118:
InvalidArgumentException in YamlFileLoader.php line 371:
ParseException in Inline.php line 108:
Question
So my question is:
How can I configure Symfony / Apache such that if a url that currently exists is called (i.e. domain.com/php_page1.php) it will serve that page either through Symfony or Apache directly and if it does not exist, have Symfony's front controller handle the request?
EDIT
Here's the .htaccess I currently have:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . app_dev.php [L]
This works for Symfony and routes anything I have a defined route for. The problem is that it's in /www/web (new web root), which is where Symfony wants the web root to be. It won't access anything in /www or /www/dashboard, which is outside the web root.
I'm trying to use .htaccess to either cause Apache to grab files from one level down from the web root, or cause Symfony to serve those pages as the generic php scripts they are.
You can use mod_rewrite for that:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d # not an existing dir
RewriteCond %{REQUEST_FILENAME} !-f # not an existing file
# redirect to the symfony app.php file
RewriteRule ^(.*)$ www/app.php [L]
I've been trying to change my CodeIgniter file structure to make it safer and cleaner but I can't get it to work. I want to separate the application/system and the public files that are going to be visible to users.
- application
- system
- public
It works but I have to enter
example.com/public/index.php or example.com/public/controller
I want to be able to just type the base URL like example.com/controller.
How can I do it?
For CodeIgniter 3.x, the correct way to approach this (at this point in 2018 and after) is as follows:
Make a public folder in your root folder
MOVE your index.php file into this folder (to prevent ambiguity)
inside the moved index.php file, change the following:
change $system_path to ../system
change $application_folder to ../application
Now, we need an .htaccess file, but CI 3.x doesn't have a .htaccess file by default, soo.. how about stealing it from CI 4.x which has it by default? You can find it here:
https://github.com/bcit-ci/CodeIgniter4/blob/develop/public/.htaccess
I recommend you NOT include the line SetEnv CI_ENVIRONMENT development - instead, define this in your apache or NGinx .conf file so the .htaccess file can work anywhere.
Finally, you'll meed to update your .conf file so that DOCUMENT_ROOT is set to the subfolder named public (or whatever you chose to name it). Then restart Apache/Nginx.
That should give you the same results, and be much more secure.
-- UPDATE --
I found that I had problems with the .htaccess file from CI 4, however suspect it's my system that's the problem. This simple version did work however:
RewriteEngine on
RewriteCond $1 !^(index\.php|assets|images|js|css|uploads|favicon.png)
RewriteCond %(REQUEST_FILENAME) !-f
RewriteCond %(REQUEST_FILENAME) !-d
RewriteRule ^(.*)$ ./index.php/$1 [L]
As per the CodeIgniter Installation Instructions...
/var/application/
/var/system/
/var/www/index.php
For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn’t abide by the .htaccess.
I have a Laravel app, and the document root of host is configured at Laravel root folder (upper directory of public).
I tried the following .htaccess to silently rewrite URLs, but it keeps redirecting me to /public, instead of showing domain URL and rewriting it to /public
RewriteEngine On
RewriteRule ^(.*)?$ /public$1 [L,NC]
I want to visit example.com and see my Laravel app, not redirecting user to example.com/public.
This will help you definitely
: Removing the /public segment in a Laravel 4 app
http://creolab.hr/2013/03/removing-the-public-segment-in-a-laravel-4-app/
Create a front controller in the document root, call it index.php. Use this front controller to invoke the front controller in the public folder. Make sure you add the .htaccess to that document root prohibiting all sensitive data from being accessed.
I'm building an application for broad distribution and I want to change the way it's routed so that all the files can exist in the document root but still be secure as if they were above the doc root.
The ideal set up would be to house the application folder above the docroot like so:
/home
/---/username
/---/--->application
/---/---/--->all application files
/---/--->public_html
/---/---/--->all public files
But I know this isn't ideal for all potential users of my app, so I'd prefer to move this to a structure like so:
/home
/---/username
/---/--->public_html
/---/---/--->application
/---/---/---/--->all application files
/---/---/--->public
/---/---/---/-->all public files
Basically just putting everything within the doc root, forbidding access to the application directory, and routing all requests to the public folder, so that we can get the same security of having files above the doc root, but making it simpler for those that may not want this type of set up for their shared hosts.
I was thinking of using an include inside public_html/index.php that would include public_html/public/index.php but I can't seem to get that to work.
Any help would be appreciated.
As I understand it you want to have home/username/public_html as the real Apache Document Root, deny access from the /application directory and, ideally, route all web requests into the /public sub-directory instead (presumably for users not on dedicated servers who can't install outside of the docroot) ... If I've misunderstood the question let me know and I'll update/remove the answer ;)
You should be able to achieve this with an .htaccess file in /home/username/public_html like:
RewriteEngine on
# deny access to the application directory
RewriteRule ^application/? - [F]
# route all requests to the public directory that aren't already there
RewriteRule ^(?!public/)(.*)$ /public/$1 [L,QSA]
Any attempts to access the /application directory will result in a 403 error and all requests to http://www.myserver.tld/file.ext will be routed to http://www.myserver.tld/public/file.ext.
Caveat: To prevent recursive loops of the redirect, the rewrite rule will not redirect any URL path that already begins with /public ... this means that any file under /public will be accessible on both the http://www.mysite.tld/filename.ext and http://www.mysite.tld/public/filename.ext - which may upset search engines.
To be extra safe you could also add an .htaccess file to the /application directory like:
Deny from all
Use this.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public_html/ [L]
RewriteRule (.*) public_html/$1 [L]
</IfModule>
Are you using any framework in your app?
Have you a sample of code we could access to understand your problem?
Basically, you just need an htaccess in your public_html folder that redirect the request to the public folder and disable the access to any other directory than public.
I have a problem with Codeigniters Security.
My Codeigniter Installation has the Application Folder, System Folder and a Assets Folder.
In my Assets Folder there is a Third Party PHP Script.
I want to Call this Script: DOMAIN/assets/FOLDEROFEXTERNALSCRIPT/EXTERNALPHPSCRIPT.php
Is there a option that i can call this File over the URL without a Controller?
I hope you have removed index.php from your url's which is done by either adding the below rewrite rules in the .htaccess file at your DOMAIN root directory, or by adding these rewrite rules in the virtual hosts.
Below rule means, to rewrite every url to index.php?params except if the current url contains "index.php or assets in it", now you can put any static content or even core PHP scripts in this folder to be access directly, with having CI in picture.
In your .htaccess file just add "assets" folder in the bypass rule, along with index.php
RewriteEngine on
RewriteCond $1 ^!(index\.php|assets)
RewriteRule ^(.*)$ /index.php?$1 [L,QSA]