1

this is my current ".htaccess" file (placed on my documentroot):

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

My project structure is:

app/ <---- here i have all my php code
public/ <----- css/js/images
.htaccess
index.php <---- starting point

I wish to deny direct access to my app files, like "/app/controller/controllerName.php" (i will handle all my request by using a router instead...), how can i achieve this? Without touching the public folder tree?

cl0udw4lk3r
  • 2,663
  • 5
  • 26
  • 46
  • 3
    What about another `.htaccess` file inside `app/` with `Deny From all` ? – Teneff Jan 04 '13 at 16:38
  • 1
    As @Teneff said, you can you polymorphism to override the super .htaccess with a child one and deny all access from there. [Possible duplicate](http://stackoverflow.com/questions/409496/prevent-direct-access-to-a-php-include-file) – Hamed Al-Khabaz Jan 04 '13 at 16:40
  • Interesting, I do some tests – cl0udw4lk3r Jan 04 '13 at 16:53

1 Answers1

2

For your current .htaccess if might make sense to do this:

ErrorDocument 404 index.php?error=404

That allows server to send proper "404" header to the client, and it still gives you control over the response. When you are at it, you might want to create entries for 400, 401, 403 and 500 errors too.

As for denying access to app/ folder, just drop .htaccess in it with this in:

Deny From All
Sasha
  • 118
  • 7
  • Interesting, i can route my errors to my possible ErrorController too? Like this: "ErrorDocument 404 /error/404" – cl0udw4lk3r Jan 04 '13 at 17:01