tags:

views:

154

answers:

1
Q: 

Zend Framework - Deny access to folders other than public folder

All,

I have the following Zend application structure:

helloworld
 - application
     - configs
     - controllers
     - models
     - layouts
 - include
 - library
 - public
    - .htaccess
    - index.php
 - design
 - .htaccess

Currently, if the user visits, http://localhost, my .htaccess files above make sure, the request is routed to http://localhost/public automatically. If the user visits any other folder apart from public folder from the address bar, he gets a directory listing of that folder.

How can I make sure to deny the user access to every other folder except the public folder? I want the user to be redirected to the public folder if he visits any other folder. However, if the underlying code requests something from other folders, (ex: ) it should still work..

Thanks

+1  A: 

The easiest method (and the method that the Zend Framework setup is designed to be used with) is to only put the contents of the public folder under the DocumentRoot. Everything else should go outside the DocumentRoot.

If you can't do this for some reason, you could put a .htaccess in each of the other subdirectories with: Order Allow,Deny Deny from all

Response to comments:

Your application shouldn't need the application/controller directory (or any directory except 'public') to be under the DocumentRoot. PHP includes can be from outside of the DocumentRoot (normally).

If you're following the typical suggested Zend Framework application folder structure correctly, all resources which need to be directly accessible from the browser (ie. images/flash/multimedia, javascripts, css and index.php) should be inside the public directory.

Also, with regards to .htaccess, you should only need a .htaccess file in the top level of the directory tree, so in your example above, you would put one in each of: application, include, library and design.

AllenJB  2010-05-06 05:53:00
So, you mean my document root should point to C:\\xampp\\htdocs\\xampp\\helloworld\\public\\ . That doesn't work for me, because if the code requests for /application/controller/action, it can't find it..
Vincent  2010-05-06 05:57:45
an .htaccess file in each and every directory doesnt look promising. there are many many subdirectories
Vincent  2010-05-06 05:59:04
Perfect.. Thanks.. !
Vincent  2010-05-06 07:08:17

related questions

Views in separate assemblies in ASP.NET MVC
Using ASP.NET MVC, how to best avoid writing both the Add View and Edit View?
Best way to bind Windows Forms properties to ApplicationSettings in C#?
What's the best way to implement field validation using ASP.NET MVC?
How do I handle page flow in MVC (particularly asp.net)
How do I get rid of Home in ASP.Net MVC?
ASP.NET Model-view-controller (MVC) - where do I start from?
php Zend / MVC without mod_rewrite
RSS Feeds in ASP.NET MVC
MVC Learning Resources
Validating posted form data in the ASP.NET MVC framework
A Stack Overflow Podcast throwback: What is to be done about tag soup?
Use the routing engine for form submissions in ASP.NET MVC Preview 4
How do you get a custom id to render using HtmlHelper in MVC
MVC pattern question: Who has what? who calls what?
MVC Preview 4 - No route in the route table matches the supplied values.
Is there a way to include a fragment identifier when using Asp.Net MVC ActionLink, RedirectToAction, etc. ?
In ASP.NET MVC I encounter an incorrect type error when rendering a user control with the correct typed object
Public/Popular Websites using JavaServer Faces
ASP.NET MVC - Is it worth it yet?
Multiple languages in an ASP.NET MVC application?
Is it better to create Model classes, or just stick with generic database utility class?
Looking for a MVC Sample for WinForms
What are MVP and MVC and what is the difference?
How to RedirectToAction in ASP.NET MVC without losing request data