I have configured the database credentials in the .env file. But I can access the file .env file from the browser and it displays all the variables in the .env file.
How do I make it secure so it is not publicly readable?
My folder structure is like this:
public_html/project/
.env
app
public
system
writable
The application is accessed from domain.com/project/public.
In fact you're not installing the project correctly on your server
The public_html folder should contain files that are intended to be accessible by the browser
In the case of CodeIgniter 4, the contents of the public_html folder are the contents of public folder, you usually put the front controller index.php and your assets folder inside public_html
The rest of folders and files goes next to public_html, so your folder structure needs to look like this:
|__.env
|__app
|__public_html
|____index.php
|____assets
|__system
|__writable
Try to prevent it from .htaccess
<Files .env>
Order allow,deny
Deny from all
</Files>
Related
I have a install that has a web folder that has the website stored in this. How can I make the domain load from this folder within the public_html folder.
The domain is like: sub.domain.co.nz
Don't put the entire Symfony project under the public_html folder - this will cause all of the project files to be accessible over the web, including .yml files that include sensitive information like database passwords!
Put the Symfony project files in a folder that is not web accessible. Then configure your web server so that the DocumentRoot points to the path of the web folder of the Symfony project, and also modify the paths of all the aliases.
I have a website with files that should only be downloaded from the download.php file, their saved in a map like /uploads/map1_/file.bin
I don't want people to be able to download the file directly from the directory but only from the download page. I think this is possible with htacces, but I can't find how to do that..
First, create a .htaccess file in your /uploads/ folder.
Then, put this code into it
<FilesMatch "\.bin$">
Order Allow,Deny
Deny from All
</FilesMatch>
Options -Indexes
Note: the most secure solution is to put your bin files out of public scope
My directory structure is as follows:
-application
-system
-assets
--images
--downloads
--css
index.php
I created assets as suggested on stackoverflow,I wanted to restrict access to downloads so placed .htaccess file in assets folder with the following directive
Deny from all
now its protected but as assets has css files and those are also not accessible too.
Try to put the htaccess file to downloads file
My "htdocs" folder is set to this: C:\webserver\xampp\htdocs
All my folders exist in subfolders of this folder.
I have such another folder here: c:\MyProjects\project1
I need to htaccess rewrite so, when I write: http://127.0.0.1/project1/myfile.php
On my browser, I will see the result of "myfile.php" inside "project1" folder.
Is it possible?
Is it possible?
No, you can't rewrite a URI outside of your document root, C:\webserver\xampp\htdocs. And htaccess file sitting in that htdocs directory won't be able to point a request outside of the htdocs directory. Mod_rewrite isn't what you want anyways. You want to use mod_alias from within the vhost config or server config. Something along the lines of:
Alias /project1 C:/MyProjects/project1
See also: Make XAMPP/Apache serve file outside of htdocs
For testing I hosted my website on free server from 000webhost.com
They have a directory structure:-
(root folder) \
(public folder) \public_html
this directory structure enables to keep all the library files in root folder and all public data in \public_html, so I developed my website accordingly, and my final structure looked like:-
/
/include(this folder contains library files)
/logs(log files)
/public_html
/public_html/index.php
/public_html/home.php
/public_html/and other public files
on 000webhost makes only public_folder available to be accessed via url and my url looked neat and clean like
www.xample.com/index.php
or
www.example.com/home.php
but after completion of development I moved website to shared host purchased from go-daddy.com, now they do not have any such kind of directory permission, all the files are kept in root folder and are accessible via url also url has become like:-
www.example.com/public_html/home.php
or
www.example.com/public_html/index.php
How should I redirect url request to public_html folder again so as to make library file unavailable to public access and make url neat and clean.
Does Godaddy allow you access to Apache?
If so you might be able to modify document root in such a way that the public folder is on the same level as the library and log folders.
Otherwise you will be left in the same situation as many other who use shared hosting and have to protect your folders with .htaccess files.