{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 家丑人穷心不美 的问题《Why should we keep index.php in the public folder》','https://www.manongdao.com/q-595182.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I still don't quite understand why we must keep index.php in a public directory instead of in the root directory.
root/of/project
public/
index.php
.htacess
(html, image, css, etc)
Then, write the following in our virtual host file:
DocumentRoot /path/to/myapp/app/public
<Directory "/path/to/myapp/app/public">
# other setting here
</Directory>
The .htaccess file then redirects all non-existing URLs to index.php:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
I notice that most frameworks do so, such as Symfony and Zend, just as this tutorial. What is the actual benefits really by having the trouble of modifying the virtual host file?
Why shouldn't we do have this below instead without modifying the virtual host file? Is it a security risk or something?
root/of/project
index.php
.htacess
public/
(html, image, css, etc)
If keeping index.php and modifying the virtual host file is better, how can we modify the virtual host file in the live server then? Let's say I have this domain name, http://my-website.com/ and I access it on my browser, what I see first is not the web page but the directories below untill I click the public directory then I see the home page,
root/of/project
public/
index.php
.htacess
(html, image, css, etc)
I assume that this is the same for Zend or Symfony project as well without being able to modify the virtual host file in the live server. I am no good at these frameworks, I will see this below if I upload my Zend project to the live server,
So, how do you deploy your Zend or Symfony project to your live server to see your web page right away?
It is a very good idea to keep
index.phpoutside of your project root directory because of one simple reason:You don't want your user to access any files other that one in public folder (index.php, css, js etc). When you will put index.php in root folder you will be also able to access
composer.jsonfile for example which is a security risk - a potential hacker will know what packages are you using, in which versions so it's easier for him to perform attack.When it comes to your hosting - you should have some
public_htmlfolder on your root directory which is meant to be public folder (web) of yourSymfonyapp and you should also be able to keep files outside of public folder. If you don't - you really need to think about changing hosting partnerEDIT: Answering your comment. Let's assume you have
public_htmlfolder on your hosting and you want to deploySymfonyapp which should be accessible directly onhttp://your-domain.com. Then you should put wholeSymfonyproject anywhere (but outside ofpublic_htmlfolder) and make apublic_htmlfolder a symbolic link towebfolder of yourSymfonyproject. This action is equivalent of editing virtual host and changingDocumentRootwhich, I assume, you are not able to do.You can also check my answer on another question to get more clarification