Reputation: 10064
I recently moved my index.php
(the file that handles routing) and CSS, JavaScript, and font assets to a public/
folder. I only want items in this public/
folder to be accessible for security purposes. I ran into this problem when I realized I could visit mysite.com/composer.lock
and view the composer lock file with my old .htaccess
and folder setup.
Here is what I want
If I visit mysite.com/car/create
, I want it to actually point to mysite.com/public/index.php?path=car/create
If I link to an asset such as mysite.com/css/style.css
, I want it to really point to mysite.com/public/css/style.css
Here is my folder structure
Here is my .htaccess
which is not working at all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ public/index.php?path=$1 [L,QSA]
</IfModule>
How can I fix this? It just generates empty pages and I can still directly visit files in the root directory, etc.
Upvotes: 2
Views: 2257
Reputation: 1201
Your existing directives specifically avoid rewriting requests for existing files, so it would still enable you to visit files in the root directory. It will also rewrite static resources to public/index.php?path=
, which will presumably fail.
Try the following instead:
RewriteEngine On
# Stop processing if already in the /public directory
RewriteRule ^public/ - [L]
# Static resources if they exist
RewriteCond %{DOCUMENT_ROOT}/public/$1 -f
RewriteRule (.+) public/$1 [L]
# Route all other requests
RewriteRule (.*) public/index.php?path=$1 [L,QSA]
Upvotes: 6