This morning, I was afraid when I discovered that the http://www.mydomain.com/application/configs/application.ini file of my Zend project can be displayed by default!
Even more disturbing, it is possible to display the PHP source code of a .phtml page by pointing at its final URL, like http://www.mydomain.com/application/views/scripts/index/index.phtml
Therefore, I really need to protect my web site. I am sure that it is possible to prevent the .ini file and source code from being displayed by using the right syntax in the main .htaccess located in the public folder.
Could you help me?
I thought about this kind of syntax, but I won’t copy the .htaccess file into all my folders. I would like to write the rule in only one file.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule .*\.(phtml|php)$ - [F]
EDIT
My directory structure is:
ProjectDir
|_application
| |_configs
| |_controllers
| |...
|
|_public
| |_index.php
| |_css
| |_js
| |_.htaccess
|
|_library
  |_Zend
Everything seems to be one directory too low.
The web root seems to be your “ProjectDir”.
In this directory you only want to have the contents of your public folder.
The application and library directories need to be one level up. You should be able to do this with your hosting interface.
Your structure should look like this if you cannot modify the vhost:
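
A way to audit the layout problem discussed in this thread, as an added example that is not part of the original question or answer: the Python sketch below walks a document root and lists the paths a direct request could reach but should not. The extension list, the private directory names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumptions for this sketch: extensions Apache would serve as plain text
# when no PHP handler is mapped to them, and ZF1 directories that should
# never sit under the web root.
SOURCE_EXTENSIONS = {".ini", ".phtml"}
PRIVATE_DIRS = {"application", "library"}


def find_exposed(docroot):
    """Return URL paths under docroot that a direct request could reach but should not."""
    exposed = []
    for current, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(current, docroot)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        in_private = bool(parts) and parts[0] in PRIVATE_DIRS
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if in_private or ext in SOURCE_EXTENSIONS:
                exposed.append("/" + "/".join(parts + [name]))
    return sorted(exposed)


def build_sample_project(base):
    """Create the layout from the question (constructed sample files)."""
    sample = [
        "application/configs/application.ini",
        "application/views/scripts/index/index.phtml",
        "public/index.php",
        "public/.htaccess",
        "library/Zend/Version.php",
    ]
    for rel in sample:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as project:
        build_sample_project(project)
        # Web root set to ProjectDir: config, templates and library are reachable.
        print("docroot = ProjectDir:", find_exposed(project))
        # Web root set to public: nothing private is reachable.
        print("docroot = public:    ", find_exposed(os.path.join(project, "public")))
```

Run it against the directory your virtual host actually uses as its document root; an empty list means none of the flagged files sit under it.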