My directory structure is as follows:
-application
-system
-assets
--images
--downloads
--css
index.php
I created assets as suggested on stackoverflow,I wanted to restrict access to downloads so placed .htaccess file in assets folder with the following directive
Deny from all
now its protected but as assets has css files and those are also not accessible too.
Try to put the htaccess file to downloads file
Related
I have configured the database credentials in the .env file. But I can access the file .env file from the browser and it displays all the variables in the .env file.
How do I make it secure so it is not publicly readable?
My folder structure is like this:
public_html/project/
.env
app
public
system
writable
The application is accessed from domain.com/project/public.
In fact you're not installing the project correctly on your server
The public_html folder should contain files that are intended to be accessible by the browser
In the case of CodeIgniter 4, the contents of the public_html folder are the contents of public folder, you usually put the front controller index.php and your assets folder inside public_html
The rest of folders and files goes next to public_html, so your folder structure needs to look like this:
|__.env
|__app
|__public_html
|____index.php
|____assets
|__system
|__writable
Try to prevent it from .htaccess
<Files .env>
Order allow,deny
Deny from all
</Files>
I have a "site" setup to allow myself some "public" downloads.
So in the root folder of the site I have an htaccess file containing
Options +Indexes
IndexOptions +FancyIndexing
Inside the site I have a couple folders with files for downloading, etc...
How can I disable the ability to get into the parent folder once inside one of these folders?
For instance...
http://o7thwd.com/dl/Mine
I'd like to prevent the Parent Directory from showing and being able to do anything...
Remove the .htaccess file from the site's root folder.
Put the following (same as in your question) in .htaccess file in every sub-folder that needs to be public:
Options +Indexes
IndexOptions +FancyIndexing
I have installed the plugin 'Advanced Search Plugin Like Facebook Search' of younet and I noticed the error that application/modules/Core/externals/scripts/ynadvsearch.php is not found.
Then I checked the location and the file was there. So I uploaded a test.php file and typed the url in address bar then also I could not access the test.php page. But I am able to access all the js pages on that folder.
I have deleted the htaccess file of external folder. But the issue remains the same.
How can we fix this?
It's a little weird, usually /externals/scripts folder is used only for javascript-files (and all php-files - inside of /controllers folder).
File .htaccess inside of /externals folder contains a rule
<FilesMatch "\.avi|flv|mov|wmv|wma|mp3|mp4|m4a|mkv|swf|pdf|doc|ppt|ico|jpg|jpeg|png|gif|js|css)$">`
It means that *.php files are not allowed for access inside of this folder.
For testing I hosted my website on free server from 000webhost.com
They have a directory structure:-
(root folder) \
(public folder) \public_html
this directory structure enables to keep all the library files in root folder and all public data in \public_html, so I developed my website accordingly, and my final structure looked like:-
/
/include(this folder contains library files)
/logs(log files)
/public_html
/public_html/index.php
/public_html/home.php
/public_html/and other public files
on 000webhost makes only public_folder available to be accessed via url and my url looked neat and clean like
www.xample.com/index.php
or
www.example.com/home.php
but after completion of development I moved website to shared host purchased from go-daddy.com, now they do not have any such kind of directory permission, all the files are kept in root folder and are accessible via url also url has become like:-
www.example.com/public_html/home.php
or
www.example.com/public_html/index.php
How should I redirect url request to public_html folder again so as to make library file unavailable to public access and make url neat and clean.
Does Godaddy allow you access to Apache?
If so you might be able to modify document root in such a way that the public folder is on the same level as the library and log folders.
Otherwise you will be left in the same situation as many other who use shared hosting and have to protect your folders with .htaccess files.
I have a private folder that contains all of the private scripts and resources that I use for my website. I'm using .htaccess in the private folder to
deny from all
which works successfully, giving a 403. However, index.php uses javascripts and css from the private folder which means it's also getting restricted. How do I fix this?
You need to move the JavaScript and CSS files to a public directory so that users can download them so that they can view the web page correctly. If you want, you can disable browsing of the public directory by adding a .htaccess file in that directory with the following content:
Options -Indexes