Zend Framework - Deny access to folders other than public folder

Posted by Vincent on Stack Overflow See other posts from Stack Overflow or by Vincent
Published on 2010-05-06T05:35:16Z Indexed on 2010/05/06 5:58 UTC
Read the original article Hit count: 229

Filed under:
|
|
|
|

All,

I have the following Zend application structure:

helloworld
 - application
     - configs
     - controllers
     - models
     - layouts
 - include
 - library
 - public
    - .htaccess
    - index.php
 - design
 - .htaccess

The .htaccess in the root folder has the following contents:

#####################################################
# CONFIGURE media caching
#
Header unset ETag
FileETag None

Header unset Last-Modified
Header set Expires "Fri, 21 Dec 2012 00:00:00 GMT"
Header set Cache-Control "max-age=7200, must-revalidate"
SetOutputFilter DEFLATE

#
#####################################################

ErrorDocument 404 /custom404.php
RedirectMatch permanent ^/$ /public/

The .htaccess in the public folder has the following:

Options -MultiViews

ErrorDocument 404 /custom404.php

RewriteEngine   on
# The leading %{DOCUMENT_ROOT} is necessary when used in VirtualHost context
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -s [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -l [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]

RewriteRule ^.*$ index.php [NC,L]

My vhost configuration is as under:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "C:\\xampp\\htdocs\\xampp\\helloworld\\"
    ServerName helloworld
    ServerAlias helloworld
    <Directory "C:\\xampp\\htdocs\\xampp\\helloworld\\">
    Options Indexes FollowSymLinks
    AllowOverride all
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>
</VirtualHost>

Currently, if the user visits, http://localhost, my .htaccess files above make sure, the request is routed to http://localhost/public automatically. If the user visits any other folder apart from public folder from the address bar, he gets a directory listing of that folder.

How can I make sure to deny the user access to every other folder except the public folder? I want the user to be redirected to the public folder if he visits any other folder. However, if the underlying code requests something from other folders, (ex: ) it should still work..

Thanks

© Stack Overflow or respective owner

Related posts about zend-framework

Related posts about mvc