+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: add htaccess folder application (/showthread.php?tid=65113)
add htaccess folder application - jonathanq - 04-30-2016
Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?
is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
RE: add htaccess folder application - skunkbad - 04-30-2016
(04-30-2016, 02:42 PM)jonathanq Wrote: Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?
is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
I believe the check was intended to help secure PHP files from being executed directly when server was not Apache, or when certain Apache configuration was not available.
RE: add htaccess folder application - Asad - 05-01-2016
(04-30-2016, 02:42 PM)jonathanq Wrote: Why CI need defined('BASEPATH') OR exit('No direct script access allowed'); in all files application?
is required add index.html to all folders?
is secure use htaccess for deny application?
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
Hi According to my knowledge every framework has some rules to activate core files. Once we generate request it goes to index.php that activates framework and its classes whatever we need to initiate or not then after looking on Base URL framework activates a specific controller, It makes sure that user merely is not trying to run single php file on server and also the framework was properly loaded. As running php file assumes that all classes that were needed by framework were already declared so runing a controller on its own may welcome a security threat. So we don't allow direct access. I hope this will clear you question. Thank you
RE: add htaccess folder application - InsiteFX - 05-01-2016
Its to stop them from viewing the php files if someone happens to hack your website.
If the BASEPATH is not set then they still cannot view the files, which means index.php was not loaded.