htaccess for redirecting all requests to public folder in shared hosting

#1
Maybe this could be added to the framework or to documentation somewhere - or maybe whoever needs a nudge in a speedy set up will find it useful here. This is an .htaccess file which should be put where the public folder is in a shared hosting - for redirecting everything to the public folder - since that's where the index.php file is at.

<IfModule mod_rewrite.c>
    RewriteEngine on
    # Redirect requests to public
    RewriteRule  ^$ public/    [L]
    RewriteRule  (.*) public/$1 [L]
</IfModule>
---------
UPDATE:
Too many people are looking at this thread. This can be used for your development convenience on your local host ^ Just don't use bad hosting where you're not able to move your folders above public_html or configure your "project root".

Right now I do this:
- "public" folder becomes the shared hosting default "public_html" folder, or whatever your shared hosting names your project folder
- encapsulate everything (app, writable, vendor, etc.) in a folder titled "project_folder", move it up. I encapsulate it in a folder so as not to make a mess with other hosting files.
- update $pathsPath, in index.php, to FCPATH . '../project_folder/app/Config/Paths.php';
- also line 33 in spark.php (define('FCPATH', __DIR__ . '/public' . DIRECTORY_SEPARATOR);) should be changed - but I'm not sure yet what spark does as I haven't used it yet.
- yay for good security measures

----- ON A BETTER HOSTING you can actually simply configure your "public" folder to be your "project root" - and that's it
You can see things I made with codeigniter here: itart.pro it's not overly impressive as I have very little time to learn.
Reply

#2
I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide...tml#public
Reply

#3
(03-16-2020, 11:50 AM)jreklund Wrote: I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide...tml#public

Thanks, it could be the nature of my particular hosting, one level up is not an option there.
Reply

#4
I would contact them about it and change host, if that's not something they can help you with.
Reply

#5
(03-16-2020, 12:32 PM)jreklund Wrote: I would contact them about it and change host, if that's not something they can help you with.
Is it that bad? What could be the consequences? They allow one folder per one site. It's really cheap - so clients like it.
Reply

#6
You get what you pay for... cheaper = less security.

If someone gains access to files apache can serve, they can get database login/password and then everything in the database. Sometimes that's not so bad... sometimes that's an Experian level problem.
Reply

#7
(03-16-2020, 03:16 PM)Leo Wrote: Is it that bad? What could be the consequences? They allow one folder per one site. It's really cheap - so clients like it.

It can be, as @enlivenapp stated they can get access to your .env in case you didn't block it. And maybe your app/config/Config.php to grab the database connection in case your application starts serving PHP files as plain text (worst case).

If you still want to stay with your provider I would suggest you copy the contents of the public folder, and place it one place up. And modify index.php, so it can find the system folder again. So that you don't get that ugly /public/ folder in your URL all the time. This will not provide extra security.
Reply

#8
(03-16-2020, 11:50 AM)jreklund Wrote: I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide...tml#public

Could you point to the explanation via web, why it is not a recommended practice? Thank you in advance.
Reply

#9
(09-01-2020, 07:42 AM)[email protected] Wrote: Could you point to the explanation via web, why it is not a recommended practice? Thank you in advance.

I don't know any articles by heart and haven't written any myself on the topic, but it's basically this:
In case your web server gets misconfigured and it doesn't read your .htaccess file or PHP for some reason doesn't evaluate your files, people can access everything from the URL. That's what the extra security provides, you can't access those files under any circumstances from a URL (as it's one level up) even if your web server settings change.
Reply
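
A check for the exposure described in the posts above, as an added example that is not part of the original thread: it reports CodeIgniter 4 project files (recognised by app/Config/Paths.php) that sit under the web root, where they stay reachable if .htaccess or PHP handling stops working. The function names and the list of sensitive entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit whether framework files live inside the web root.
# Entry names follow the thread (app, writable, vendor, system, .env, spark);
# the list is an assumption, extend it for your project.
SENSITIVE="app system vendor writable .env spark"

# exposed_entries DOCROOT
# Prints every sensitive path found below DOCROOT, one per line.
exposed_entries() {
    docroot=$1
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    {
        # A project root is recognised by app/Config/Paths.php (path from post #1).
        find "$docroot" -path '*/app/Config/Paths.php' -type f |
        while IFS= read -r paths; do
            root=${paths%/app/Config/Paths.php}
            for name in $SENSITIVE; do
                if [ -e "$root/$name" ]; then echo "$root/$name"; fi
            done
        done
        # .env files are sensitive wherever they sit below the web root.
        find "$docroot" -name .env -type f
    } | sort -u
}

# audit_docroot DOCROOT
# Returns 0 when nothing sensitive is under the web root, 1 otherwise.
audit_docroot() {
    found=$(exposed_entries "$1") || return 2
    if [ -n "$found" ]; then
        echo "EXPOSED under $1:"
        echo "$found" | sed 's/^/  /'
        return 1
    fi
    echo "OK: no framework files under $1"
}

# Stand-alone use: sh audit.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

Run it against the directory Apache serves: the single-folder layout from post #1 reports app, writable and .env, while the layout with project_folder one level up reports nothing.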

