Matic Posted August 13, 2013 Share Posted August 13, 2013 I am curious about server access. Lets say you buy a hosting service, can you manually decide which directories will be public and which will be off limits? Do public directories have to include views (templates)? Because in a lot of frameworks I see views in private directories. Can you block access via .htaccess and only allow users to browse certain pages? How do you prevent them from browsing your entire php app files? I know this is a lot of question but a simple overview about directory structure in apache servers will do, since I am building one. Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/ Share on other sites More sharing options...
requinix Posted August 13, 2013 Share Posted August 13, 2013 - Depends what you bought. If it's shared hosting then you have some flexibility but really not that much. Dedicated hosting means you can do whatever you want. - Unless you have really locked-down shared hosting (less and less common these days) then you can make any directory "public" or "private". - Public directories can contain whatever you want. They probably shouldn't have views/templates because those files are no good if executed directly. In fact they might even have some code in them that shouldn't be seen at all. Generally such directories have things like CSS and Javascript and image files instead. - Yes, making a directory public or private is done in Apache through .htaccess (or a server-level configuration file). That's what you would use to block browsing. Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444835 Share on other sites More sharing options...
Matic Posted August 13, 2013 Author Share Posted August 13, 2013 - Depends what you bought. If it's shared hosting then you have some flexibility but really not that much. Dedicated hosting means you can do whatever you want. - Unless you have really locked-down shared hosting (less and less common these days) then you can make any directory "public" or "private". - Public directories can contain whatever you want. They probably shouldn't have views/templates because those files are no good if executed directly. In fact they might even have some code in them that shouldn't be seen at all. Generally such directories have things like CSS and Javascript and image files instead. - Yes, making a directory public or private is done in Apache through .htaccess (or a server-level configuration file). That's what you would use to block browsing. But the public directories must contain controllers then, or some sort of web pages to view? Because if it doesn't matter, what is stopping me from throwing everything in the private file and never worry about security? Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444840 Share on other sites More sharing options...
kicken Posted August 13, 2013 Share Posted August 13, 2013 But the public directories must contain controllers then, or some sort of web pages to view? Not necessarily. You'd need at least one file, your main router, within the public directly in order to process the requests. All the rest of your controllers/includes could be within a private directory and PHP will still be able to access them. It's not uncommon to have controllers/views/etc in a directory above the document root directory so that they are not accessible via the web server at any url. Then you just have a single index.php file in the document root which all the requests get re-written to. That PHP file would then include() the other files as necessary to complete the request. Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444848 Share on other sites More sharing options...
requinix Posted August 13, 2013 Share Posted August 13, 2013 It's actually possible to URL rewrite to a non-public file so you could have a "public" directory with absolutely nothing inside. You'd still need it because Apache wants a directory for the website, but you could have requests for everything be sent to a file somewhere. Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444860 Share on other sites More sharing options...
Matic Posted August 13, 2013 Author Share Posted August 13, 2013 Thanks for the answers, they raise another question though. How do you make a root directory? Isn't the place you get with the server always the "root"? Or can you access diferent folders on a bought server? Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444868 Share on other sites More sharing options...
requinix Posted August 13, 2013 Share Posted August 13, 2013 Which "root" are you talking about? The root of the server should be irrelevant when talking about setting up a specific site. There's also the root of the website which is typically like /var/www or /home/user/public_html. If you've bought the entire server then you have access to the entire server. It's yours. Do with it as you wish. Quote Link to comment https://forums.phpfreaks.com/topic/281138-website-server-directory-access/#findComment-1444893 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.