Website server directory access


I am curious about server access. Let's say you buy a hosting service, can you manually decide which directories will be public and which will be off limits? Do public directories have to include views (templates)? Because in a lot of frameworks I see views in private directories. Can you block access via .htaccess and only allow users to browse certain pages? How do you prevent them from browsing your entire PHP app files?

I know this is a lot of questions, but a simple overview of directory structure in Apache servers will do, since I am building one.


Yes, a .htaccess file is probably the most common solution.

The .htaccess configuration file can prevent directory browsing, force redirects to different pages, limit access to specific IP addresses or to specific username/password pairs, and much more.


What does that mean for the directory structure though? Can I just throw everything in private folders, or must I allocate a directory that is available for public use?

Edited by future_man


What does that mean for the directory structure though? Can I just throw everything in private folders, or must I allocate a directory that is available for public use?

Either way, whatever works better for you. The entire tree is tested, so if you have a .htaccess file in ../base/.htaccess it can interact with the file in ../base/sub1/sub2/sub3/.htaccess.

The relevant portions of the documentation are the Directory config documentation (which only works if you can modify that configuration file) and the htaccess documentation. Many hosting providers won't allow modifications to the Directory configuration, but you can include htaccess files anywhere you want.


In the Apache web server, you can use .htaccess to change the settings for a directory. This is typically used to block access to directories. However, its effectiveness is entirely dependent on the particular web server configuration. If the admin disables .htaccess, or screws something up, then your files become visible.

If you have .php include files, the easiest way of protecting them is to ensure that they end with .php. This will (hopefully) ensure that the web server will attempt to execute them rather than serving their contents. Another good way is to keep them outside of the web root.

However, nothing much can guard against a careless admin screwing the settings; it might be better to get a hosted VM where you can keep your web server configuration (and in particular, its setup scripts) in your own SCM system with your source code, and nobody except for your own operations engineers gets to mess up the server config.

VMs are ridiculously cheap - expect to pay less than $20 per month (if traffic is low).

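The advice in the post above (include files should end in .php or live outside the web root, and .htaccess protection holds only while the server honours it) can be checked by auditing the web root. This is an added example, not code from any poster in the thread; the directory names `public_html` and `app`, the sample files, and the assumption that only `.php` is mapped to the PHP handler are constructed for illustration.

```python
import os
import tempfile

EXECUTED_EXTS = {".php"}            # assumption: only .php is mapped to the PHP handler
PHP_MARKERS = (b"<?php", b"<?=")
DENY_RULES = (b"deny from all", b"require all denied")  # Apache 2.2 / 2.4 syntax

def audit_webroot(webroot):
    """Return sorted (path, issue) pairs for content that stays private only
    while the server honours .htaccess and its PHP handler mapping."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            with open(full, "rb") as fh:
                data = fh.read(65536)
            if name == ".htaccess":
                # A deny rule here is the only thing hiding this directory.
                if any(rule in data.lower() for rule in DENY_RULES):
                    findings.append((os.path.dirname(rel) or ".", "htaccess-only"))
            elif os.path.splitext(name)[1].lower() not in EXECUTED_EXTS:
                # PHP code in a file the server would send back as plain text.
                if any(marker in data for marker in PHP_MARKERS):
                    findings.append((rel, "source-exposed"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed sample site under root and return its web root."""
    sample = {
        "public_html/index.php": "<?php require __DIR__ . '/../app/db.php';",
        "public_html/includes/config.inc": "<?php $db_pass = 'example';",
        "public_html/views/home.tpl": "<h1><?= $title ?></h1>",
        "public_html/private/.htaccess": "Deny from all\n",
        "public_html/private/report.php": "<?php echo 'ok';",
        "app/db.php": "<?php // lives outside the web root",
    }
    for rel, body in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return os.path.join(root, "public_html")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, issue in audit_webroot(build_sample(tmp)):
            print(f"{issue:15} {path}")
```

Anything reported as `source-exposed` should be renamed to end in .php or moved out of the web root; anything reported as `htaccess-only` is a candidate for moving next to `app/`, where no URL maps to it.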

How do you make a root directory though? Isn't the place you get with the server always the "root"? Or can you access different folders on a bought server and place files in a safer place, for example?


Hosting providers typically give you access to 1 level "above the root" (remember that in computing, trees grow "downwards" :) ).

You can put files there but nobody can access them except for those with file-access to the hosting provider.


You can put files there but nobody can access them except for those with file-access to the hosting provider.

 

Except if you have index.php with all of the includes in your root, am I right?
