3
On a web server, I have a folder inside the root folder (public_html) that must be protected. It contains system files, settings, logs, classes and etc...
In general, what is the best option to protect access to the folder, to any file contained in it and to all its subdirectories?
2
Examples.
Change file httpd.conf or apache2.conf.
To block access to files with extension .conf and .log.
<Files ~ "(.conf|.log)">
Order allow,deny
Deny from all
</Files>
To block a directory that is located on Documentroot (I don’t know if that’s what you intend to do):
<Directory "/var/www/Projeto/configuracoes">
deny from all
</Directory>
References and other useful links:
1
Place system files in a directory without public access
Example
The Documentroot is defined in /var/www/site/public_html/
Then just put the system files in any other directory that is not public. Example /var/www/site/app/
So inside that directory would be something like this
/var/www/site/app/core/
/var/www/site/app/libs/
/var/www/site/app/vendor/
In the directory /var/www/site/public_html/, obviously you will have index.php.
In the index.php file just include the system files by doing the directory indentation.
Example: include __DIR__.'/../app/Core/Core.php';.
Log type files, can be in another location
Instead of /var/www/site/app/logs, suggest /var/www/site/logs/.
One reason is that when you need to backup your folder app, do not need to worry about skipping log files or other unnecessary.
Browser other questions tagged apache htaccess web-application directory
You are not signed in. Login or sign up in order to post.
I’m sorry, but can I go into a little more detail ? About how structured(s) these folders(s) are ?
– Edilson