Website server directory access


7 replies to this topic

#1 future_man   Members   -  Reputation: 124


Posted 13 August 2013 - 02:02 PM

I am curious about server access. Let's say you buy a hosting service, can you manually decide which directories will be public and which will be off limits? Do public directories have to include views (templates)? Because in a lot of frameworks I see views in private directories. Can you block access via .htaccess and only allow users to browse certain pages? How do you prevent them from browsing your entire php app files?

 

I know this is a lot of questions but a simple overview about directory structure in apache servers will do, since I am building one.




#2 frob   Moderators   -  Reputation: 21155


Posted 13 August 2013 - 02:13 PM

Yes, a .htaccess file is probably the most common solution.

 

The .htaccess configuration file can prevent directory browsing, force redirects to different pages, limit access to specific IP addresses or to specific username/password pairs, and much more.


Check out my personal indie blog at bryanwagstaff.com.

#3 future_man   Members   -  Reputation: 124


Posted 13 August 2013 - 02:19 PM

What does that mean for the directory structure though? Can I just throw everything in private folders or must I allocate a directory that is available for public use?


Edited by future_man, 13 August 2013 - 02:19 PM.


#4 frob   Moderators   -  Reputation: 21155


Posted 13 August 2013 - 02:55 PM

What does that mean for the directory structure though? Can I just throw everything in private folders or must I allocate a directory that is available for public use?

 

Either way, whatever works better for you.  The entire tree is tested, so if you have a .htaccess file in ../base/.htaccess it can interact with the file in ../base/sub1/sub2/sub3/.htaccess

 

 

The relevant portions of the documentation are the Directory config documentation (which only works if you can modify that configuration file) and the htaccess documentation.  Many hosting providers won't allow modifications to the Directory configuration, but you can include htaccess files anywhere you want.


Check out my personal indie blog at bryanwagstaff.com.

#5 markr   Crossbones+   -  Reputation: 1653


Posted 13 August 2013 - 03:00 PM

In the Apache web server, you can use .htaccess to change the settings for a directory. This is typically used to block access to directories. However, its effectiveness is entirely dependent on the particular web server configuration. If the admin disables .htaccess, or screws something up, then your files become visible.

 

If you have .php include files, the easiest way of protecting them is to ensure that they end with .php. This will (hopefully) ensure that the web server will attempt to execute them rather than serving their contents. Another good way is to keep them outside of the web root.

 

However, nothing much can guard against a careless admin screwing the settings; it might be better to get a hosted VM where you can keep your web server configuration (and in particular, its setup scripts) in your own SCM system with your source code and nobody except for your own operations engineers gets to mess up the server config.

 

VMs are ridiculously cheap - expect to pay less than $20 per month (if traffic is low).



#6 future_man   Members   -  Reputation: 124


Posted 13 August 2013 - 03:06 PM

How do you make a root directory though? Isn't the place you get with the server always the "root"? Or can you access different folders on a bought server and place files in a safer place, for example?



#7 markr   Crossbones+   -  Reputation: 1653


Posted 13 August 2013 - 03:09 PM

Hosting providers typically give you access to 1 level "above the root" (remember that in computing, trees grow "downwards" :) )

 

You can put files there but nobody can access them except for those with file-access to the hosting provider.



#8 future_man   Members   -  Reputation: 124


Posted 13 August 2013 - 03:18 PM

 

You can put files there but nobody can access them except for those with file-access to the hosting provider.

 

Except if you have index.php with all of the includes in your root, am I right?
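
An added example, not part of the thread: a shell audit of the two protections discussed above (.htaccess inheritance down the tree, and keeping non-.php includes out of the web root). The directory names, the extension list and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: list source-like files under a web root that Apache would
# hand out as plain text. Assumption: only *.php is mapped to the PHP handler.

# Succeed if DIR, or any parent up to DOCROOT, holds a .htaccess that denies
# everyone ("Deny from all" in Apache 2.2, "Require all denied" in 2.4).
is_denied() {
    root=$1 dir=$2
    while :; do
        if [ -f "$dir/.htaccess" ] && grep -Eiq \
            '^[[:space:]]*(deny from all|require all denied)' "$dir/.htaccess"
        then return 0; fi
        case $dir in "$root"|/|.) return 1 ;; esac
        dir=$(dirname "$dir")
    done
}

# Print (relative to DOCROOT) each non-.php include/template/config file
# that no .htaccess on its path blocks. The extension list is an assumption.
audit_docroot() {
    docroot=${1%/}
    find "$docroot" -type f \( -name '*.inc' -o -name '*.tpl' \
        -o -name '*.ini' -o -name '*.sql' \) | sort |
    while IFS= read -r f; do
        is_denied "$docroot" "$(dirname "$f")" || printf '%s\n' "${f#"$docroot"/}"
    done
}

# Constructed sample account: app/ sits one level above the web root.
make_sample() {
    base=$(mktemp -d)
    mkdir -p "$base/app" "$base/public_html/includes" \
             "$base/public_html/views" "$base/public_html/lib/db"
    echo 'pass=x'            > "$base/app/config.ini"              # outside root
    echo '<?php // entry'    > "$base/public_html/index.php"
    echo '<?php $dsn="";'    > "$base/public_html/includes/db.inc" # exposed
    echo '<h1>home</h1>'     > "$base/public_html/views/home.tpl"  # exposed
    echo 'Deny from all'     > "$base/public_html/lib/.htaccess"
    echo 'CREATE TABLE t();' > "$base/public_html/lib/db/schema.sql" # covered
    echo "$base"
}

sample=$(make_sample)
audit_docroot "$sample/public_html"   # prints includes/db.inc, views/home.tpl
rm -rf "$sample"
```

The script only reads files on disk; it cannot tell whether the server actually honours .htaccess, so a file it reports as covered is still exposed if overrides are disabled, while files under app/ are never reachable by URL either way.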





