Jump to content

Website server directory access


Matic

Recommended Posts

I am curious about server access. Lets say you buy a hosting service, can you manually decide which directories will be public and which will be off limits? Do public directories have to include views (templates)? Because in a lot of frameworks I see views in private directories. Can you block access via .htaccess and only allow users to browse certain pages? How do you prevent them from browsing your entire php app files?

 

I know this is a lot of question but a simple overview about directory structure in apache servers will do, since I am building one.

Link to comment
Share on other sites

- Depends what you bought. If it's shared hosting then you have some flexibility but really not that much. Dedicated hosting means you can do whatever you want.

- Unless you have really locked-down shared hosting (less and less common these days) then you can make any directory "public" or "private".

- Public directories can contain whatever you want. They probably shouldn't have views/templates because those files are no good if executed directly. In fact they might even have some code in them that shouldn't be seen at all. Generally such directories have things like CSS and Javascript and image files instead.

- Yes, making a directory public or private is done in Apache through .htaccess (or a server-level configuration file). That's what you would use to block browsing.

Link to comment
Share on other sites

- Depends what you bought. If it's shared hosting then you have some flexibility but really not that much. Dedicated hosting means you can do whatever you want.

- Unless you have really locked-down shared hosting (less and less common these days) then you can make any directory "public" or "private".

- Public directories can contain whatever you want. They probably shouldn't have views/templates because those files are no good if executed directly. In fact they might even have some code in them that shouldn't be seen at all. Generally such directories have things like CSS and Javascript and image files instead.

- Yes, making a directory public or private is done in Apache through .htaccess (or a server-level configuration file). That's what you would use to block browsing.

 

But the public directories must contain controllers then, or some sort of web pages to view? Because if it doesn't matter, what is stopping me from throwing everything in the private file and never worry about security?

Link to comment
Share on other sites

But the public directories must contain controllers then, or some sort of web pages to view?

Not necessarily. You'd need at least one file, your main router, within the public directly in order to process the requests. All the rest of your controllers/includes could be within a private directory and PHP will still be able to access them. It's not uncommon to have controllers/views/etc in a directory above the document root directory so that they are not accessible via the web server at any url. Then you just have a single index.php file in the document root which all the requests get re-written to. That PHP file would then include() the other files as necessary to complete the request.

Link to comment
Share on other sites

It's actually possible to URL rewrite to a non-public file so you could have a "public" directory with absolutely nothing inside. You'd still need it because Apache wants a directory for the website, but you could have requests for everything be sent to a file somewhere.

Link to comment
Share on other sites

Which "root" are you talking about? The root of the server should be irrelevant when talking about setting up a specific site. There's also the root of the website which is typically like /var/www or /home/user/public_html.

 

If you've bought the entire server then you have access to the entire server. It's yours. Do with it as you wish.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.