| index.html - can I take it out from CI in a safe way? |
index.html is all over CI to avoid direct folder access I assume..
Is there a safe way to remove this? Maybe with .htaccess rules or something like that. What do you guys think about this? I kinda hate having index.html all over my project...
The safest way would be to re-structure the project and remove all of those directories from the web root.
You could use .htaccess files, but the more you have, the more Apache has to scan, and the slower your site responds. Additionally, if there's even a mis-configuration in Apache, your application folders could be scanned by potential attackers. They provide a safe-guard against those potential mis-configuration errors, but are otherwise unnecessary.
What about adding this to the .htaccess in the root:
Options All -Indexes Isn't this the same thing and the index.html are not necessary anymore? Should I remove system from public_html anyways? If I do that I don't need the index.html files right? But there are still many in the application folder...
You can easily move both the system and application folders above the webroot. I only have assets in the public root, css, js, images etc. and index.php but I still leave the index.html files anyway, they do not bother me at all :-)
Actually, "Options -Indexes" just prevents mod_autoindex from returning a formatted listing of the directory if that file is not present. In most situations, you should avoid "Options All", but "Options -Indexes" is a good idea for those directories which don't contain an index file.
You should remove system and application from public_html, if you can, regardless of whether you remove the index.html files.
So as far as I can see Options -Indexes will be a good idea right? Or is there any situation where index.html can be better then using this in .htaccess?
Hum... moving system and application out of public_html is very troublesome? Or is it just a matter of changing the config ?
Just change a couple of settings in the index.php file around lines 100 and 116, it really could not be any easier.
PHP Code: $application_folder = '/home/sites/path/to/application';Hope that helps, Paul
The steps required to move the system and application directories out of public are detailed in the user guide's installation instructions:
https://codeigniter.com/user_guide/insta...index.html In most cases, you just need to edit two paths in your main index.php file. One of the situations which I've seen in which the index.html file is better than "Options -Indexes" in the .htaccess file is when someone disables the ability to use the .htaccess file or disables your ability to use certain settings in the .htaccess file, especially when they do it without telling you. Neither the index.html file nor "Options -Indexes" prevents someone from executing the scripts in those directories if they can guess the name/location of the script in the first place (and the server isn't configured to prevent them from doing so), but they both make it slightly more difficult for someone to make those guesses. (07-29-2016, 08:46 AM)Ivo Miranda Wrote: index.html is all over CI to avoid direct folder access I assume.. Change your structure dir project like CodeIgniter4 Code: application/In your ../public_html/index.php file: Code: $system_path = '../system';Other reference about .htaccess for local or development you can see this example from Phalcon Tutorial.
Thanks guys. It was really pretty easy to move application and system folder. So at this point the index.html inside the application and system folder that is outside the public_html are completly useless right?
|
| Welcome Guest, Not a member yet? Register Sign In |
