htaccess for redirecting all requests to public folder in shared hosting

#1
Maybe this could be added to the framework or to documentation somewhere - or maybe whoever needs a nudge in a speedy set up will find it useful here. This is an .htaccess file which should be put where the public folder is in a shared hosting - for redirecting everything to the public folder - since that's where the index.php file is at.

<IfModule mod_rewrite.c>
    RewriteEngine on
    # Redirect requests to public
    RewriteRule  ^$ public/    [L]
    RewriteRule  (.*) public/$1 [L]
</IfModule>
Wait, what?
Reply

#2
I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide...tml#public
Reply

#3
(03-16-2020, 11:50 AM)jreklund Wrote: I'm afraid that's not a recommended practice. You should put the content of /public inside your /public_html (e.g.) and everything else one level up.
https://codeigniter4.github.io/userguide...tml#public

Thanks, it could be the nature of my particular hosting, one level up is not an option there.
Wait, what?
Reply

#4
I would contact them about it and change host, if that's not something they can help you with.
Reply

#5
(03-16-2020, 12:32 PM)jreklund Wrote: I would contact them about it and change host, if that's not something they can help you with.
Is it that bad? What could be the consequences? They allow one folder per one site. It's really cheap - so clients like it.
Wait, what?
Reply

#6
You get what you pay for... cheaper = less security.

If someone gains access to files Apache can serve, they can get database login/password and then everything in the database. Sometimes that's not so bad... sometimes that's an Experian-level problem.
Reply

#7
(03-16-2020, 03:16 PM)Leo Wrote: Is it that bad? What could be the consequences? They allow one folder per one site. It's really cheap - so clients like it.

It can be, as @enlivenapp stated they can get access to your .env in case you didn't block it. And maybe your app/config/Config.php to grab the database connection in case your application starts serving PHP files as plain text (worst case).

If you still want to stay with your provider, I would suggest copying the contents of the public folder and placing them one place up. And modify index.php, so it can find the system folder again. So that you don't get that ugly /public/ folder in your URL all the time. This will not provide extra security.
Reply
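
Added example, not part of the thread or of CodeIgniter's own files: a project-root .htaccess for the one-folder hosting case discussed above, combining the rewrite from post #1 with the `.env` block that post #7 refers to. It assumes Apache 2.4 (mod_authz_core) and a host whose `AllowOverride` setting permits these directives; the `<IfModule>` wrapper is left out on purpose.

```apache
# Project-root .htaccess: the folder that holds app/, public/ and .env.
# Assumption: Apache 2.4 with AllowOverride covering FileInfo and AuthConfig.

# Refuse any file whose name starts with a dot (.env, .htaccess, ...).
# This is matched on the file name, so it still applies if the rewrite
# rules below are ever removed or bypassed.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# No <IfModule mod_rewrite.c> wrapper. With the wrapper, a server without
# mod_rewrite skips the rules silently and serves the project root as-is,
# including app/ and .env. Without it, Apache answers 500 for every
# request, which fails closed and is noticed immediately.
RewriteEngine On

# Paths already inside public/ are left alone. This stops the catch-all
# rule from re-applying to its own result if public/ has no .htaccess
# of its own to take over rewriting.
RewriteRule ^public/ - [L]

# Everything else is mapped into public/, so a request for /.env or
# /app/... resolves to public/.env or public/app/... and ends as a 404.
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
```

This narrows accidental exposure on a host that allows only one folder per site; it does not replace the layout recommended in post #2, where everything except the contents of public/ sits outside the web root.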

#8
- It can be, as @enlivenapp stated they can get access to your .env in case you didn't block it. And maybe your app/config/Config.php to grab the database connection in case your application starts serving PHP files as plain text (worst case)
 
Nah, everything above the folder seems to be blocked by hosting, otherwise they'd have a lot of problems. I can't find the .env myself. However if you can point me to a short tutorial, where I can prod the security myself, to test it, I'd appreciate it.

*I can't access .env myself (shows up as 404)
Wait, what?
Reply

