问题
I have always ensured my application code, configuration files, logs, etc, are stored OUTSIDE of the webroot. It's just common sense. So, my project structures look something like...
/app/
/config/
/web/
My client is already with godaddy, so I stupidly registered a basic linux hosting package with them, before realising they don't let you access one level above your webroot OR change your webroot to one level lower.
Their tech support guy just told me to make a new folder in there and call it "web" and do a "HTML redirect" to that. ugh. The obvious problem then that someone could simply browse to mydomain.com/config/database.yml
So, I'm very close to just moving hosts, but I was wondering if anyone knows of a way (htaccess I suppose) that I can transparently redirect all requests to mydomain.com to mydomain.com/web instead. Then, ensure no files can be accessed within /app/, /config/, etc...
Within the /web/ directory I need mod_rewrite since it's a symfony app.
EDIT: I have added the following .htaccess to the root of my project
Options All -Indexes
<FilesMatch "\.(htaccess|htpasswd|ini|php|log|yml)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Which gives me some confidence. But I still don't want people to have to go to:
mydomain.com/somestupidsubfolder
回答1:
RewriteEngine On
RewriteRule ^/(.*)$ /web/$1
回答2:
Hm, it is common problem for such hostings when you cant to put your sources outside webroot_dir. It is not OK for the security, but nothing to do... we should to put it to web root.
So lets all sources are stored in 'project' dir: apps, cache, config, data, lib, log, plugins, test, etc. Project dir stored in your webrootdir named 'httpdocs'
index.php contains something similar:
require_once(dirname(__FILE__).'/project/config/ProjectConfiguration.class.php');
$configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'prod', false);
sfContext::createInstance($configuration)->dispatch();
project configuration file ProjectConfiguration.class.php contains:
//full path to autoload
require_once '/usr/local/www/vhosts/mywebsite.com/httpdocs/project/lib/symfony/autoload/sfCoreAutoload.class.php';
sfCoreAutoload::register();
class ProjectConfiguration extends sfProjectConfiguration
{
public function setup()
{
$this->setWebDir($this->getRootDir() . '/..'); // <<<-- this does the trick
$this->enablePlugins(...);
}
}
and DO NOT FORGET to close your sources ('project' dir) with htaccess.
gl
来源:https://stackoverflow.com/questions/4970903/htaccess-change-webroot-and-protect-files