My document root is /var/www and I have no virtual hosts enabled.
This is my folder structure of /var/www:
index.php
classes (external)
controllers
models
files (img, js, css)
views (pages, components)
As you can see I am using a model view controller pattern. What I need now is the correct configuration I have to use in my httpd.conf to define that only the files folder can be accesed and no other folder, to prevent “Not found” messages or direct php access. How can I set this up?
This is my current httpd.conf
ServerSignature Off
ServerTokens Full
# Settings for server @ port 80.
<VirtualHost *:80>
ServerName <url>
DocumentRoot /var/www
DirectoryIndex index.php
# No one has access to the main directory.
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
# Configure the main directory
<Directory /var/www>
# Everyone has access to the main directory.
Order Allow,Deny
Allow from all
Options FollowSymLinks
AllowOverride None
# Enable clean urls.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</Directory>
</VirtualHost>
Thanks for help 🙂
If possible, it would be ideal to keep your controllers, view scripts and other application related code out of
/var/wwwand instead put it in/var/applicationor something like that.Then you don’t need any rewrite rules to deny access to everything but files. If you ever wanted to add access to a new folder (e.g.
/var/www/css) then you will likely have to do something to make it accessible. Or you have the reverse situation where you explicitly deny the folders you don’t want accessed. That works but if .htaccess is ever broken or someone forgets the rules moving to a new server then you have more work to do.In
index.php, define some constant that tells where the files live (e.g.define('APPLICATION_PATH', '/var/application');