If running any zend application it is recommended to ceate the vhost.
Why is it so?
Although the public part form the url can be removed by copying the index.php and .htaccess file to root of project directory.
Well... yes, technically can just copy index.php and .htaccess to the root of the project directory. However, by doing that you will expose all of your application files to the public.
For example, someone could try to access your config file like this: http://yourhost/yourproject/application/configs/config.ini
This will actually display the content of the config file (which might include sensitive data like your database configuration) unless you explicitly configure something in your .htaccess to prevent this.
When using a vhost with the DocumentRoot set to the public dir, that means that no file outside the public directory will be accessible from an URL. And since you should normally only have the index.php file in there, you ensure that your application is always accessed from that starting point.
Related
Naturally, I have a .htaccess file in /var/www/html.
However, I'd like to use an independant file (e.g. .rewrites) within /var/www/html that only contains my URL rewrites. Is this possible to achieve by adding a line in the .htaccess files telling it to include the .rewrites file when being read?
Long story short: no, I'm affraid it can't be done. There is no way, at the time of writing this, to "merge" or "include" contents in an .htaccess file.
It is possible to declare multiple files names in the apache AccessFileName directive, however, the first one from the list that's found in the directory wins, and, as they can't be merged, others (if present) should just be ignored, afaik.
Edit: You can read the (very) long version at Apache Docs and check the directives marked 'h' (for .htaccess).
While you cant put all your rewrites in 1 .htaccess file, what I do is instead of using .htaccess files I put all my rewrites in the apache config files directly. This assumes you admin the web server and have access to the config files, and you dont have users that need access to them.
Years ago, I would just have a section in httpd.conf where I put all my rewrites but since Redhat and others have split up the configs into seperate files I have a file in /etc/httpd/conf.d/rewrites.conf that contains all the rewrites.
I need to put something in a directory on my web server that starts with ., i.e. the path would be my.domain/.something/somefile.
However, it seems that my Apache configuration blocks all access to hidden directories.
How do I change the config so that access to this one particular directory is allowed?
The default configuration from the apache.org distribution has no problem serving files from a .something subdirectory of the document root. You'd have to search your own logs and configuration for a problem.
I have a domain that'll be using Zend Framework and I need to modify the documentroot for this particular domain to resolve to Zend's path.
Anyone know how to update the virtualhost on a particular domain?
Typically, you don't have to modify the document root.
Put your application files one level above your document root, and put the contents of the zend public folder in whatever your document root is (e.g. public_html or htdocs).
I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to password protect the directory:
http://sitename/category/protected/
mod_rewrite translates this to:
index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.
How do you write rules to redirect all requests to *.php and *.html files in upload/ folder to a text file name forbidden.txt in root www folder. What I'm trying to do exactly is preventing script execution in this dir by redirecting those requests to the text file
Note: The upload/ folder is accessibly by ftp used by a group of people to upload files so I cannot place htaccess inside this folder.
Create an .htaccess file at the root level of your site containing
RedirectMatch ^/upload/.+(html|php)$ http://www.yoursite.com/forbidden.txt
You could also try switching off the PHP engine in that directory by creating an .htaccess file in /upload/ containing:
php_value engine off
although you would need to ensure that people cannot upload files with the name .htaccess
Put your htaccess rules in httpd.conf instead.
If you can't edit httpd.conf, then your best bet is to not allow web access to that directory at all. Let FTP users access a folder outside of your web directory and then provide a mechanism for retrieving the file contents.
You could name that directory "upload". Then you could have your .htaccess file make requests to /upload/myfile execute upload.php, which finds ../upload/myfile and spits backs its contents. This way it would appear to users that they are accessing the "upload" folder directly, but you would the level of control you want through the PHP script.