Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter General Help add htaccess folder application
add htaccess folder application
  • Offline jonathanq
    Junior Member
  • **
  • Posts: 16
    Threads: 9
    Joined: Sep 2015
    Reputation: 0
#1
Exclamation  04-30-2016, 02:42 PM

Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?

is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
Reply
  • Offline skunkbad
    Senior Citizen
  • *****
  • Posts: 1,300
    Threads: 63
    Joined: Oct 2014
    Reputation: 86
#2
04-30-2016, 11:05 PM

(04-30-2016, 02:42 PM)jonathanq Wrote: Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?

is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>

I believe the check was intended to help secure PHP files from being executed directly when server was not Apache, or when certain Apache configuration was not available.
Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3
Reply
  • Offline Asad
    Newbie
  • *
  • Posts: 1
    Threads: 0
    Joined: Apr 2016
    Reputation: 1
#3
05-01-2016, 12:51 AM

(04-30-2016, 02:42 PM)jonathanq Wrote: Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?

is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>

Hi According to my knowledge every framework has some rules to activate core files.  Once we generate request it goes to index.php that activates framework and its classes whatever we need to initiate or not then after looking on Base URL framework activates a specific controller, It makes sure that user merely is not trying to run single php file on server and also the framework was properly loaded. As running php file assumes that all classes that were needed by framework were already declared so runing a controller on its own may welcome a security threat. So we don't allow direct access. I hope this will clear you question. Thank you
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,328
    Threads: 291
    Joined: Oct 2014
    Reputation: 235
#4
05-01-2016, 03:55 AM

Its to stop them from viewing the php files if someone happens to hack your website.

If the BASEPATH is not set then they still cannot view the files, which means index.php was not loaded.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply




Theme © iAndrew 2016 - Forum software by © MyBB