Zend Framework - Deny access to folders other than public folder
Posted
by Vincent
on Stack Overflow
See other posts from Stack Overflow
or by Vincent
Published on 2010-05-06T05:35:16Z
Indexed on
2010/05/06
5:58 UTC
Read the original article
Hit count: 229
All,
I have the following Zend application structure:
helloworld
- application
- configs
- controllers
- models
- layouts
- include
- library
- public
- .htaccess
- index.php
- design
- .htaccess
The .htaccess in the root folder has the following contents:
#####################################################
# CONFIGURE media caching
#
Header unset ETag
FileETag None
Header unset Last-Modified
Header set Expires "Fri, 21 Dec 2012 00:00:00 GMT"
Header set Cache-Control "max-age=7200, must-revalidate"
SetOutputFilter DEFLATE
#
#####################################################
ErrorDocument 404 /custom404.php
RedirectMatch permanent ^/$ /public/
The .htaccess in the public folder has the following:
Options -MultiViews
ErrorDocument 404 /custom404.php
RewriteEngine on
# The leading %{DOCUMENT_ROOT} is necessary when used in VirtualHost context
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -l [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
My vhost configuration is as under:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "C:\\xampp\\htdocs\\xampp\\helloworld\\"
ServerName helloworld
ServerAlias helloworld
<Directory "C:\\xampp\\htdocs\\xampp\\helloworld\\">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
</VirtualHost>
Currently, if the user visits, http://localhost, my .htaccess files above make sure, the request is routed to http://localhost/public automatically. If the user visits any other folder apart from public folder from the address bar, he gets a directory listing of that folder.
How can I make sure to deny the user access to every other folder except the public folder? I want the user to be redirected to the public folder if he visits any other folder. However, if the underlying code requests something from other folders, (ex: ) it should still work..
Thanks
© Stack Overflow or respective owner