dqz84361326
2014-05-12 01:31
采纳率: 0%
浏览 157
已采纳

Laravel 4:阻止访问除public之外的任何文件或文件夹

I'm working on small project, and will host it on normal Godaddy host plan, the problem is: all file system will be accessible through internet.

so, how can I prevent access to any folder or file except /public

CONTRIBUTING.md  
app/     
artisan  
bootstrap/   
composer.json    
composer.lock    
phpunit.xml  
public/  
server.php   
vendor/

thanks,

图片转代码服务由CSDN问答提供 功能建议

我正在研究小项目,并将其托管在正常的Godaddy主机计划上,问题是:所有文件 系统可以通过互联网访问。

所以,我怎样才能阻止访问任何文件夹或文件,除了/public

CONTRIBUTING.md  
app / 
artisan 
bootstrap / 
composer.json 
composer.lock 
phpunit.xml 
public / 
server.php 
vendor / 
   
 
 

谢谢,< / p>

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • dongqishou7471 2014-05-12 01:40
    已采纳

    Why not split the project up? Upload the contents of public to your document root and the rest somewhere else (like your home directory). Then just modify the two paths in the public/index.php file to point to the right locations, eg

    $path = __DIR__ . '/../my-app';
    
    require $path . '/bootstrap/autoload.php';
    
    $app = require_once $path . '/bootstrap/start.php';
    
    点赞 打赏 评论
  • duaedf6509 2014-05-12 01:46

    If you point your apache site document root to /public, there is no way people can access any other file in your application outside your public. Even if they try to do things like:

    http://yoursite.com/../
    

    EDIT:

    This is not something you should rely on a framework to do, securing directories on your site is the web server job, so you need to find a solution on your server: virtual host, document root, web root, domain directory or even .htaccess configuration.

    In some shared hosting companies you can do that easily, some have cPanel or Plesk, but other, like Hostgator, will give you just enough configuration so you can change your directory root to /public. Looks like GoDaddy doesn't help much if you don't have a cPanel account, but, still, there are tricks to help you doing it the way you should be doing: http://support.godaddy.com/help/article/4067/setting-up-a-non-web-accessible-root-folder. Probably there are others around.

    点赞 打赏 评论

相关推荐 更多相似问题