Zend Framework - Deny access to folders other than public folder

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Vincent on Stack Overflow See other posts from Stack Overflow or by Vincent
Published on 2010-05-06T05:35:16Z Indexed on 2010/05/06 5:58 UTC
Read the original article Hit count: 225

Filed under:
|
|
|
|

All,

I have the following Zend application structure:

helloworld
 - application
     - configs
     - controllers
     - models
     - layouts
 - include
 - library
 - public
    - .htaccess
    - index.php
 - design
 - .htaccess

The .htaccess in the root folder has the following contents:

#####################################################
# CONFIGURE media caching
#
Header unset ETag
FileETag None

Header unset Last-Modified
Header set Expires "Fri, 21 Dec 2012 00:00:00 GMT"
Header set Cache-Control "max-age=7200, must-revalidate"
SetOutputFilter DEFLATE

#
#####################################################

ErrorDocument 404 /custom404.php
RedirectMatch permanent ^/$ /public/

The .htaccess in the public folder has the following:

Options -MultiViews

ErrorDocument 404 /custom404.php

RewriteEngine   on
# The leading %{DOCUMENT_ROOT} is necessary when used in VirtualHost context
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -l [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]

RewriteRule ^.*$ index.php [NC,L]

My vhost configuration is as under:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "C:\\xampp\\htdocs\\xampp\\helloworld\\"
    ServerName helloworld
    ServerAlias helloworld
    <Directory "C:\\xampp\\htdocs\\xampp\\helloworld\\">
    Options Indexes FollowSymLinks
    AllowOverride all
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>
</VirtualHost>

Currently, if the user visits, http://localhost, my .htaccess files above make sure, the request is routed to http://localhost/public automatically. If the user visits any other folder apart from public folder from the address bar, he gets a directory listing of that folder.

How can I make sure to deny the user access to every other folder except the public folder? I want the user to be redirected to the public folder if he visits any other folder. However, if the underlying code requests something from other folders, (ex: ) it should still work..

Thanks

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about zend-framework

Related posts about mvc

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle