In my Yii web application some of the directories are accessible from the public URL (main directory or application folder) like js, css, images etc. How to avoid this problem. This is a major security issue, but I don't know how to fix this. Please help me...
Thanks in advance...
If you're using Apache, you can restrict access to directories doing the following:
Create a .htaccess file in your directory so path/to/directory/to/deny/.htaccess
Open .htaccess and add Deny from all
You have to turn of apache directory listing. Use the link below.
How do I disable directory browsing?
Then change all files and folders permissions of a directory to 644 and 755.
Change all files and folders permissions of a directory to 644/755
Let me know if you need help
Here is some instructions given in documentation.
1) It's important that the directory be writable by the webserver user so that Yii can publish the resources there when needed.
2) When a project has multiple versions (production, testing, development, etc.) do not copy the assets/ folders from one area to another; allow Yii to deploy them automatically in each area.
3) Do not manually edit any file under assets/ - if you have a real need to make a change, find the publishing module, edit the source, delete the subfolder under assets/, and let Yii re-publish the updated files.
4) Do not reference names under the assets/ folder directly (say, to get at some other module's assets). If you need to use that
5) Do not add the contents of the assets/ folder to any source-code control system; these files have master source in other places.
6) It is safe to delete everything under assets/. Yii will re-publish the assets if they are not found under assets/.
Hope it will help you :)
