randomKek
randomKek

Reputation: 1128

apache2 httpd configuration

My document root is /var/www and I have no virtual hosts enabled. This is my folder structure of /var/www:

index.php
classes (external)
controllers
models
files (img, js, css)
views (pages, components)

As you can see I am using a model view controller pattern. What I need now is the correct configuration I have to use in my httpd.conf to define that only the files folder can be accesed and no other folder, to prevent "Not found" messages or direct php access. How can I set this up?

This is my current httpd.conf

ServerSignature Off
ServerTokens Full

# Settings for server @ port 80.
<VirtualHost *:80>
    ServerName <url>
    DocumentRoot /var/www
    DirectoryIndex index.php

    # No one has access to the main directory.
    <Directory />
        Order Deny,Allow
        Deny from all
        Options None
        AllowOverride None
    </Directory>

    # Configure the main directory
    <Directory /var/www>

        # Everyone has access to the main directory.
        Order Allow,Deny
        Allow from all
        Options FollowSymLinks
        AllowOverride None

        # Enable clean urls.
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)$ index.php/$1 [L]
    </Directory>
</VirtualHost>

Thanks for help :)

Upvotes: 0

Views: 175

Answers (1)

drew010
drew010

Reputation: 69977

If possible, it would be ideal to keep your controllers, view scripts and other application related code out of /var/www and instead put it in /var/application or something like that.

Then you don't need any rewrite rules to deny access to everything but files. If you ever wanted to add access to a new folder (e.g. /var/www/css) then you will likely have to do something to make it accessible. Or you have the reverse situation where you explicitly deny the folders you don't want accessed. That works but if .htaccess is ever broken or someone forgets the rules moving to a new server then you have more work to do.

In index.php, define some constant that tells where the files live (e.g. define('APPLICATION_PATH', '/var/application');

Upvotes: 1

Related Questions