1

I am on shared hosting server and I am going to place zend application there but I can not touch httpd.conf file to make a virtual host as it is shared hosting and they do not allow me to do it.

If I keep index.php file and .htaccess in the public folder I have to make a virtual host to hide the public from the url.

So, I though that I can put the public folder files (index.php, .htaccess) in the site root thus I don't need to create a virtual server for this and my site is accessible without the need of public in url.

Is there anything make my site unsafe if I put index.php file out of public folder?

I speak English not well, so sorrry. Somethings i copied from other posts to describe things i want to explain.

I have tried this way but it still doesn't work, when i type localhost/public/zend/, it returns "Object not found"

Directory structure:

zend/
    application/
    library/
    public/
           index.php
           .htaccess
.htaccess

content of .htaccess in public folder:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]

content of .htaccess in root folder:

SetEnv APPLICATION_ENV development

RewriteEngine On
RewriteRule ^\.htaccess$ - [F]
RewriteCond %{REQUEST_URI} =""
RewriteRule ^.*$ /public/index.php [NC,L]
RewriteCond %{REQUEST_URI} !^/public/.*$
RewriteRule ^(.*)$ /public/$1
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^.*$ - [NC,L]
RewriteRule ^public/.*$ /public/index.php [NC,L]
Thanh Nguyen
  • 5,174
  • 11
  • 43
  • 74

4 Answers4

0

Well you wont be able to access index.php in that case. If you cant put things not in the web root then the best bet is to configure ZF to use a folder other than public as your doc root so your layout might look like:

application/
library/
modules/
public_html/
  index.php
  js/
  css/
  images/
prodigitalson
  • 60,050
  • 10
  • 100
  • 114
0

The "public" folder is an important key feature of the Zend Framework because it confines Apache to only read files in that directory. You should not have anything else than the public folder accessible via HTTP and moving the index file introduces easy threat of being vulnerable to exploits.

Check this out this link it might be helpful.

And if you are using Cpanel this here might be useful.

Community
  • 1
  • 1
ro ko
  • 2,906
  • 3
  • 37
  • 58
0

Is possible to have .htaccess and index.php without any kind of problems in the Apache's htdocs dir.

It's not mandatory to have a folder called "public", just to have the public part (public directory( and application part (the rest of project files) in different directories. The application part must not being accesible from the user's browser (so place it outside of the Apache document root)

Maks3w
  • 6,014
  • 6
  • 37
  • 42
0

There are many ways to make ZF work without having the ability to map the virtual host to a public folder.

This answer highlights many of them.

Personally, when I'm stuck with shared hosting and I am unable to remap, I tend to do the following :

  1. Keep the contents of the public folder (index.php, .htaccess, public assets like css, js, img, etc) up at the host-provided doc root, and

  2. Push the rest of the application down into a folder like _zf to which I add a Deny All directive in an .htaccess file. Then I modify the APPLICATION_PATH setting in index.php to point to _zf/application.

That's it.

Full details here.

Community
  • 1
  • 1
David Weinraub
  • 14,144
  • 4
  • 42
  • 64