All,
I have the following Zend application structure:
helloworld
- application
- configs
- controllers
- models
- layouts
- include
- library
- public
- design
-- css
-- site.css
-- js
-- global.js
-- images
-- siteheader.gif
-- sitefooter.gif
- .htaccess
- index.php
My .htaccess file in public folder looks like this:
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
My document root points to the "public" folder. Currently, if the user visits a directory level URL, (Ex: http://localhost/design or localhost/css) , my .htaccess file above make sure to show him the "Access Forbidden" page. But if he visits the file level URL, (Ex: http://localhost/design/css/site.css), it shows him the CSS file or the js file or PHP file..
How can I make sure to lock file level access for the above file types, if accessed directly from the URL? Since my application is JS intensive, I want to protect it from users looking at it.
Thanks