YIi2 upload folder move to project root directory - .htaccess

how to keep Files upload folder in root directory of project.
which change need in htaccess?
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^admin(.+)?$ backend/web/$1 [L,PT]
RewriteRule ^(.*)$ frontend/web/$1 [L]
</IfModule>
# Deny accessing below extensions
<Files ~ "(.json|.lock|.git)">
Order allow,deny
Deny from all
</Files>
# Deny accessing dot files
RewriteRule (^\.|/\.) - [F]
currently my image files are store in
project/backend/web/uploads/
i want to upload dynamic files in
root folder of project ie project/uploadImage

the project root directory in advanced template is two level upper the home directory for you application .
then If you have proper right for this and need an access to this level you could create an alias eg:
Yii::setAlias('#my_project_home', realpath(dirname(__FILE__).'/../../'));
or if you want store in upload subdir of project directory
Yii::setAlias('#my_project_upload', realpath(dirname(__FILE__).'/../../upload'));
you can retrive the alias using :
Yii::getAlias('#my_project_upload'); // displays: your_project/upload
see more for alias here http://www.yiiframework.com/doc-2.0/guide-concept-aliases.html

Related

How deny direct access for uploaded js files in htaccess?

I used File Manager and uploaded some txt and js files which is not part of site.
I denied access to site from refers except one.
Files can be read using browser.
I created folder and put these txt and js files,added htaccess and wrote next code
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://allowed refer site/ [NC]
RewriteRule .*\.(js|css)$ - [F]
However txt and js can be opened using browser.
<FilesMatch ~ "\.(txt|js)$">
Order allow,deny
Deny from all
</FilesMatch>
This code didn't effect,files are still can be read.
All files have chmod 600.How close access to these files to all refers except one?

Restrict show media files from specific domain

I have a media server (FTP folder) including .mp4 files and I want to display these media files only through the specific domain or IP and I want to block the download files directly. how can I do that with .htaccess files in my media folders?
I search about that and I found some solution but none of them working in my case.
1st solution :
Order Deny, Allow
Deny from all
Allow from 000.000.000.000
2nd solution:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.mydomainname\.com$ [NC]
RewriteRule ^ - [F]
If you want to restrict by IP, add in .htaccess file
<Directory /folder>
Options +Indexes
Order deny,allow
Deny from all
Allow from 000.000.000.000
</Directory>

Symfony4 routing inside a subfolder

I have a symfony app in my /var/www/html/app/ and I'd like to access it via host/app/ but I can't make it work.
I have a conf file with this
<Directory /var/www/html/app>
AllowOverride All
Order Allow,Deny
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
# RewriteCond %{REQUEST_FILENAME} !-f
# RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
</Directory>
It's commented because I tried to do the redirect here but it didn't worked so I made the following .htaccess.
And this htaccess in /var/www/html/app/.htaccess
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
With this .htaccess, When I go to ://host/app I go to the symfony app (not the apache directory structure) and that seems to be a good start.
But the problem is I'm getting an Exception No Routes found for /app/.
That's normal because /app/ is the subfolder in my server, not the start of symfony routes.
How can I make the symfony routes beginning after the /app/ folder path ?
I know there is some questions about symfony2/3 routing in subfolder but the answer requires to separate src and public files, that's not what I'd like to have.
I just want my routes working when accessing ://host/app.
For information, It works great when I access ://host/app/public/*Symfony routes*
Edit:
New app.conf
Alias /rapp "/var/www/html/app/public"
<Directory /var/www/html/app>
AllowOverride None
Order Allow,Deny
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
#RewriteBase /app
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(?!public/index.php)$ public/index.php$1 [L]
</IfModule>
</Directory>
I managed to resolve the problem !!!
I'm not sure the config is "proper" though but it seems to work.
Here is my working app.conf file (in /etc/apache2/sties-enabled/app.conf)
Alias /app "/var/www/html/app/public"
<Directory /var/www/html/app>
AllowOverride None
Order Allow,Deny
Allow from All
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteRule (/public) - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
</Directory>
The first RewriteRule is to prevent from internal Rewrite loop when I rewrite url like example.com/app/page-1 to example.com/app/public/index.php/page-1.
As page-1 is not a directory or a file it will loop infinitely.
So I assume as soon as I have a /public part, the rewrite worked and we stop the rewrite by doing nothing and end the rewrite with the [L] flag.
I'm not suire why I had to remove the public/ part in the "final" RewriteRule (RewriteRule ^(.*)$ index.php/$1 [L]) though.
If someone have ideas to improve this config, feel free to leave comment.
The problem is the that your web server's document root (the directory that apache will make public via the url) and your project's document root (the public directory) are not the same. Instead your server points to the project directory. That is why you have to manually go into the project's document root by adding the public/ to the url.
You should avoid making the project directory accessible as this could expose your configuration and thus make your website vulnerable, e.g. by giving people access to your database through the credentials inside the config.
You might be able to achieve your goal by storing the project somewhere else and then only symlink your project's public dir to /var/www/html/app. This will probably require some changes to your apache config, e.g. adding Options FollowSymLinks.
Another, more elaborate, approach could be using mod_proxy. The configuration will roughly look like this:
# Your public server reachable from the outside
<VirtualHost *:80>
ProxyPass /app http://127.0.0.1:8080/
</VirtualHost>
# Your internal server where the requests are proxied to
<VirtualHost 127.0.0.1:8080>
<Directory /var/www/html/app/public>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
...
</VirtualHost>
As you can see the internal web server points to your project's document root (public dir). You might have to do additional both in the apache setup and app, e.g. make sure trusted proxies are set correctly or adding ProxyPreserveHost On to the apache setup, but roughly this should point you in the right direction.
edit: I missed another obvious solution, using mod_alias to point your symfony app to /app:
Alias /app /var/www/html/app/public

htaccess block everything but index.php and folder public and files in it

I'm kinda new to htaccess, I'm trying to block everything but index.php, the folder public and the files it contain. I have googled around and got this so far. Its kinda working but it looks like the webserver dont have access to the files either. It opens index.php but no css,js or php files are included. I can also go to domain.com/folder/ and get to the index page but its empty i would want it to redirect to index.php if possible. And i also have no clue about how to open the public folder while everything else above is set.
AuthType Basic
order allow,deny
<Files ~ "^(index\.php|)$">
Allow from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
DirectoryIndex index.php
Replace all of your code with this mod_rewrite rule in your site root .htaccess:
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(?:index\.php$|public/|.+\.(?:jpe?g|gif|png|ico|tiff|css|js)$) [NC]
RewriteRule . - [F]
This rule will block everything except public/ folder, index.php or any other file ending with .css, .js, images etc.

How to deploy Symfony2 on a shared-hosting?

I want to access my symfony app in production env (http://www.sample.com/amateur1/web/app.php) from this url http://www.sample.com/amateur1.
To do that I moved the .htacces file to http://www.sample.com/amateur1/.htaccess with this contents:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /web/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ app.php [QSA,L]
</IfModule>
But when I go to http://www.sample.com/amateur1 shows a 404 Error, and prod.log isn't written.
I also used RewriteBase /amateur1/web/ because I don't know If RewriteBase path is relative to the DocumentRoot of the server, Or from the path where the .htaccess file is located. Also tried /amateur1 and /amateur1/ as RewriteBase due to this answer Symfony2: How to deploy in subdirectory (Apache)
With the three try's, The Exceptions page appears unstyled, and not loading any image. But then I get the following error in prod.log file:
[2013-02-15 02:06:47] request.ERROR: Symfony\Component\HttpKernel\Exception\NotFoundHttpException: No route found for "GET /amateur1/" (uncaught exception) at /home/u105859802/public_html/amateur1/app/cache/prod/classes.php line 5121 [] []
What I'm doing wrong ?
In your configuration, apache uses public_html as the document root
If Symfony2 is installed in directory /home/u105859802/public_html/amateur1, the Symfony public directory to serve is /home/u105859802/public_html/amateur1/web/
You should use
RewriteBase /amateur1/web/
But beware, it is not safe
You have to protect your symfony directories! (configuration is accessible)
Why don't you try moving your symfony files in your private area ?
You can rename the Symfony web directory to public_html
See how to do that in documentation cookbook
So, my recommendation structure looks like below :
/home/u105859802/
vendor
src
app
bin
public_html (web by default in symfony2) <- the only public directory
In most of the shared hosting, you can't override Apache settings in that case may need to wright a redirection rule in .htaccess file
Options +FollowSymLinks +ExecCGI
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain\.com$ [NC]
RewriteRule !^projectName/ /projectName/web/app.php/%{REQUEST_URI} [L,NC]
this is the rule I used in my project .
You may need to provide full paths to your assets other ways they will not get loaded .

Resources