Zend2 without Virtual Host

Question

I have Zend2 website configured on an Ubuntu machine. Project Path: /var/www/zf2/

Virtual host configuration:

<VirtualHost *:80>
ServerName zf2.localhost
DocumentRoot /var/www/html/zf2/public
SetENV APPLICATION_ENV "development"
<Directory /var/www/html/zf2/public/>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Accessing "localhost/zf2" list the files in the directory. Is there anyway to access this zend2 website without virtual host i.e with localhost/zf2 ? I already tried by adding .htacess in /var/www/html/zf2, but it does not budge. Any help will be highly appreciated!

Answer 1

The question isn't very clear, but if you're asking if it's possible for someone to access your ZF site without using the zf2.localhost hostname, then because of the way you have set it up, yes (and you should definitely change this).

By default, Apache on Ubuntu has localhost setup to point at /var/www/html/. So by putting your ZF2 app in a subfolder of that, it will be possible for someone to access your ZF app (including files outside of its document root) via. localhost. This is a potential security hole which you should fix. Simply move your ZF2 app to a different folder that isn't inside /var/www/html (e.g. /var/www/zf2) and you won't have this issue.

Also note that if you are using a reasonably recent version of Ubuntu, you will be running Apache 2.4, and your vhost isn't setup correctly. See the second example here: http://framework.zend.com/manual/current/en/ref/installation.html#apache-setup