+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Feature Requests (https://forum.codeigniter.com/forumdisplay.php?fid=29)
+--- Thread: htaccess for redirecting all requests to public folder in shared hosting (/showthread.php?tid=75774)
htaccess for redirecting all requests to public folder in shared hosting - Leo - 03-16-2020
Maybe this could be added to the framework or to documentation somewhere - or maybe who ever needs a nudge in a speedy set up will find it useful here. This is an .htaccess file which should be put where the public folder is in a shared hosting - for redirecting everything to the public folder - since thats where the index.php file is at.
<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect requests to public
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>
---------
UPDATE:
Too many people are looking at this thread. This can be used for your development convenience on your local host ^ Just don't use bad hosting where your not able to move your folders above public_html or configure your "project root"
Right now I do this:
- "public" folder becomes the shared hosting default "public_html" folder, or whatever your shared hosting names your project folder
- encapsulate everything (app, writable,vendor, etc.) in a folder titled "project_folder", move it up. I encapsulate it in a folder so as not to make a mess with other hosting files.
- update $pathsPath, in index.php, to FCPATH . '../project_folder/app/Config/Paths.php';
- also line 33 in spark.php (define('FCPATH', __DIR__ . '/public' . DIRECTORY_SEPARATOR);) should be changed - but I'm not sure yet what spark does as I haven't used it yet.
- yay for good security measures
----- ON A BETTER HOSTING you can actually simply configure your "public" folder to be your "project root" - and thats it
RE: htaccess for redirecting all requests to public folder in shared hosting - jreklund - 03-16-2020
I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide/concepts/structure.html#public
RE: htaccess for redirecting all requests to public folder in shared hosting - Leo - 03-16-2020
(03-16-2020, 11:50 AM)jreklund Wrote: I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide/concepts/structure.html#public
Thanks, it could be the nature of my particular hosting, one level up is not an option there.
RE: htaccess for redirecting all requests to public folder in shared hosting - jreklund - 03-16-2020
I would contact them about it and change host, if that's not something they can help you with.
RE: htaccess for redirecting all requests to public folder in shared hosting - Leo - 03-16-2020
(03-16-2020, 12:32 PM)jreklund Wrote: I would contact them about it and change host, if that's not something they can help you with.Is it that bad? What could be the consequences? They allow one folder per one site. Its really cheap - so clients like it.
RE: htaccess for redirecting all requests to public folder in shared hosting - enlivenapp - 03-16-2020
You get what you pay for... cheaper = less security.
If someone gains access to files apache can serve, they can get database login/password and then everything in the database. Sometimes that's not so bad... sometimes that an Experian level problem.
RE: htaccess for redirecting all requests to public folder in shared hosting - jreklund - 03-17-2020
(03-16-2020, 03:16 PM)Leo Wrote: Is it that bad? What could be the consequences? They allow one folder per one site. Its really cheap - so clients like it.
It can be, as @enlivenapp stated they can get access to your .env in case you didn't block it. And maybe your app/config/Config.php to grab the database connection in case your application start severing php files as plain text (worst case).
If you still wan't to stay with your provider I would suggest copy the contents of the public folder, and place it one place up. And modify index.php, so it can find the system folder again. So that you don't get that ugly /public/ folder in your url all the time. This will not provide extra security.
RE: htaccess for redirecting all requests to public folder in shared hosting - [email protected] - 09-01-2020
(03-16-2020, 11:50 AM)jreklund Wrote: I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide/concepts/structure.html#public
Could you point to the explanation via web, why it is not a recommended practice? Thank you in advance.
RE: htaccess for redirecting all requests to public folder in shared hosting - jreklund - 09-01-2020
(09-01-2020, 07:42 AM)[email protected] Wrote: Could you point to the explanation via web, why it is not a recommended practice? Thank you in advance.
I don't know any articles by heart and haven't written any myself on the topic, but it's basically this:
In case your web server gets miss-configured and it dosen't read your .htaccess file or PHP for some reason don't evaluate your files, people can access everything from the url. That's what the extra security provides, you can't access those files under any circumstances from an url (as it's one level up) even if your web-server setting changes.