Well, as a start please excuse me for my beginner English..
I want to know more about security in PHP MVC applications
I've created my own MVC, I still haven't finished it.
My application directory is exposed by URL access with child elements.
How to make this hidden from visitors?
Following is what I am trying
Apache mod_rewrite ?
I still don't know how to make an empty index.html in each folder like the framework CodeIgniter?
What to use for something to indicate ? and, ... how to make ?
Edit
I know a little something about rewrite_rules
Below is my .htaccess
```apache
Options -MultiViews
RewriteEngine On
RewriteBase /ligia
#RewriteCond %{REQUEST_FILENAME} -f [OR]
#RewriteCond %{REQUEST_FILENAME} -l [OR]
#RewriteCond %{REQUEST_FILENAME} -d
#RewriteRule .+ - #I know, it is commented
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule "^(.+)$" "index.php?uri=$1" [QSA,L]
```
But I am afraid if this is the best way to hold my MVC application security!?
I need help!
First make sure that your .htaccess file is in your document root (the same place as index.php) or it'll only affect the sub-folder it's in (and any sub-folders within that - recursively).

Next make a slight change to your rule so it looks something like:
At the moment you're just matching on . which is one instance of any character, you need at least .* to match any number of instances of any character.
If you want the whole shebang installed in a sub-directory, such as /mvc/ or /framework/ the least complicated way to do it is to change the rewrite rule slightly to take that into account.

And ensure that your index.php is in that folder whilst the .htaccess file is in the document root.
NC = No Case (not case sensitive, not really necessary since there are no characters in the pattern)
L = Last (it'll stop rewriting after this Rewrite so make sure it's the last thing in your list of rewrites)
QSA = Query String Append, just in case you've got something like ?like=penguins on the end which you want to keep and pass to index.php.
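
One way to hide the application folder that the question asks about, as an added example that is not part of the original question or answer. It assumes the framework code lives in a folder named `application` next to index.php (a hypothetical name) and that the server's AllowOverride setting permits Options and mod_rewrite directives in .htaccess.

```apache
# Added example. Assumed layout (not from the original post):
#   /ligia/.htaccess      this file
#   /ligia/index.php      front controller
#   /ligia/application/   controllers, models, views, config (hypothetical name)

# Never generate a directory listing when a folder has no index file.
# This replaces the "empty index.html in every folder" trick.
Options -Indexes -MultiViews

RewriteEngine On
RewriteBase /ligia

# Refuse any URL that points into the application folder, whether or not
# the requested file exists. "-" means no substitution; F answers 403 Forbidden.
RewriteRule ^application(/|$) - [F,NC]

# Existing files and directories elsewhere (css, js, images) are served as-is;
# everything else goes to the front controller, as in the question's own rule.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?uri=$1 [QSA,L]
```

index.php can still include files from the blocked folder, because PHP reads them from the filesystem rather than over HTTP. Where the hosting allows it, keeping the application folder outside the document root gives the same result without depending on .htaccess being honoured.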