消息
创作中心
doubinduo3364 2014-05-07 11:48
浏览 68
已采纳

Godaddy上的CodeIgniter安装具有最佳安全性

On godaddy hosting public_html is given as a web root. I'm trying to install CodeIgniter on it so I'd like the whole framework to be outside of webroot (for security reasons). For this specific purpose, in the public_html directory I've created .htaccess with the following code:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$ [NC]
RewriteCond %{REQUEST_URI} !^/sub_webroot/
RewriteRule ^(.*)$ ./sub_webroot/index.php?$1 [L]

Directory/file structure looks like this:

public_html
    .htaccess
    CodeIgniter (whole framework files except index.php)
    sub_webroot
        index.php (CI index.php)
        assets
             sample.png

The framework is loaded successfully and index.php is removed as well. The problem which I am facing is that I can't open sample.png via example.com/assets/sample.png and it is obvious it is happening because of the line RewriteRule ^(.*)$ ./sub_webroot/index.php?$1 [L]. I can't made up my mind how it would be possible to access the assets directory and keep the framework working successfully as it is working now. Any ideas how to change .htaccess that meets my needs ?

  • 写回答

1条回答 默认 最新

  • duanpei8518 2015-07-07 00:11
    关注

    This is how we solved this problem: adding a condition to ignore the rewrite if requesting from the assets folder. You can add/remove options to ignore as required - really you only need the assets option in your case. 

    #Checks to see if the user is attempting to access a valid file,
#such as an image or css document
RewriteCond $1 !^(index\.php|assets|css|png|jpg|gif|robots\.txt|favicon\.ico)

    Place this before your RewriteRule.

    There's a pretty comprehensive Codeigniter .htaccess for troublesome hosts at: http://www.chrishjorth.com/blog/one-com-codeigniter-htaccess-rewrite-rules/, that's nicely commented:

    # @author: Chris Hjorth, www.chrishjorth.com
# Make index.php the directory index page
DirectoryIndex index.php
#Protect the .htaccess files
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /subfolder/
    # START CodeIgniter ------------------------------------------------------------------------------------------------------------
    # based on http://www.danielwmoore.com/extras/index.php?topic=7691.0 and http://ellislab.com/forums/viewthread/132758/
    # Redirect default controller to "/".
    # This is to prevent duplicated content. (/welcome/index =&gt; /)
    RewriteRule ^(welcome(/index)?)/?$ /subfolder/ [L,R=301]
    # Remove /index/ segment on the URL, again to prevent duplicate content.
    RewriteRule ^(.*)/index/? $1 [L,R=301]
    # Remove trailing slashes, also to remove duplicate content
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    # Remove multiple slashes in between, just to remove the possibility of fabricating crazy links.
    RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
    RewriteRule . %1/%2 [R=301,L]
    # Ignore certain files and folders in this rewrite
    RewriteCond $1 !^(index\.php|assets|frameworks|uploads|robots\.txt|favicon\.ico)
    # [NC] = no case - case insensitive
    # [L] = Last rule, last rewrite for this set of conditions
    # [QSA] = Query String Append, should be used to prevent all redirects from going to your default controller, which happens on 
    # some server configurations.
    RewriteRule ^(.*)$ /subfolder/index.php?$1 [NC,L,QSA]
    # END CodeIgniter --------------------------------------------------------------------------------------------------------------
</IfModule>
# If Mod_rewrite is NOT installed go to index.php
<IfModule !mod_rewrite.c>
    ErrorDocument 404 /index.php
</IfModule>

    展开全部

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
编辑
预览

报告相同问题?

  • godaddy中的Codeigniter .htaccess php
    2014-10-26 04:17
    回答 4 已采纳 Have your /myfolder/myapp/.htaccess like this: <IfModule mod_rewrite.c> RewriteEngine
  • 使用php Codeigniter的mysql转储,与godaddy的服务器问题 mysql php
    2016-12-29 20:45
    回答 1 已采纳 You tagged to question with codeigniter. Once I done this. I am sharing the code with you, lets ho
  • Godaddy找不到CodeIgniter 404页面 php
    2015-12-26 07:05
    回答 1 已采纳 Change your all file names caps and controller name as simple Ex : Home.php and inside controller
  • 基于PHP的凉果域名米表展示系统.zip
    2023-07-26 15:33
    6. 安全性:考虑到域名交易涉及敏感信息,系统需要实现用户认证、授权机制,并对输入进行验证,防止SQL注入、XSS攻击等安全问题。 7. 性能优化:对于大型域名列表,系统可能需要实施缓存策略,如使用Memcached或...
  • 如何从GoDaddy子文件夹中的CodeIgniter站点中删除index.php php
    2015-02-25 21:45
    回答 2 已采纳 So, finally this is what worked for me, hope it helps somebody. The .htaccess file: RewriteEngin
  • Godaddy Wordpress Hosting上隐藏PHP错误 php
    2016-11-09 01:42
    回答 1 已采纳 To hide PHP errors on any WordPress portal, It doesn't matter where it hosted Please do the follow
  • 无法导航到CodeIgniter站点 php
    2018-07-05 06:06
    回答 1 已采纳 oh darn thing, you were right @sintakonte, one site was pointing somewhere else. Go daddy had a A
  • [PHP 程序]域名管理器 v0.1_mydomain.rar
    2024-04-06 12:59
    4. SSL证书管理:协助用户安装和更新SSL证书,提高网站的安全性。 5. 域名过户与锁定:提供域名过户功能,同时允许用户锁定域名,防止未经授权的转移。 6. 统计分析:统计域名流量、访问来源等数据,为用户提供决策...
  • PHP重定向或cookie,不是在Godaddy上工作,而是在localhost上工作 php
    2014-11-04 10:52
    回答 1 已采纳 It's easy. Unset the cookie. if (!isset($_COOKIE['Username'])){ require ('LoginFunctions.inc.
  • 通过PHPGoDaddy连接到远程AWS MySQL mysql php
    2014-11-12 15:08
    回答 1 已采纳 Based on the the information in the question and the comments, it is clear that GoDaddy's network
  • PHP文件上传/下载安全性 php
    2012-06-14 19:00
    回答 2 已采纳 First, you don't need the allow from 1.1.1.1 as this will allow you to access this directory via A
  • [源码][主机域名]php ajax 域名查询_domainsearch.rar
    2023-11-01 17:38
    10. **安全考虑**:对于任何Web应用,安全性都是重要的。这包括防止SQL注入,保护用户隐私,以及确保传输数据的安全(如使用HTTPS)。 以上就是基于标题和描述的可能涉及的技术点,每个点都可以深入学习和探讨,以...
  • 2024全网首发小迪安全第一课基础入门
    2024-11-17 16:30
    澜世的博客 企业拥有数据库的物理硬件和软件,需要负责数据库的安装、配置、维护、备份和安全性。 示例:一个公司在其内部服务器上运行的MySQL数据库,存储了公司的财务数据和客户信息。 分离数据(Separated Data): 分离数据...
  • 2022年最好用的后端框架有哪些?做开发的你一定要知道
    2022-04-28 13:04
    Java架构设计的博客 四个最佳后端框架推荐 ​ 本文最初发布于 Ace Infoway 博客。 在这个瞬息万变的世界中,网站和 Web 应用程序已经成为公司拥有卓越线上版图的关键。稳固的线上版图,特别是网站和应用程序,可以突破你的...
  • <转>web入门
    2019-07-22 08:46
    weixin_30457065的博客 优秀的编程框架贯彻了MVC的思想,并帮你实现了ORM, 用户模块,后台管理等功能,同时在防止SQL注入等安全性上也很有帮助,庞大的社区更提供各种插件和帮助。PHP下框架主要是CodeIgniter(在欧美最流行,最轻量级),...
  • web开发入门(转载)
    2011-11-01 07:30
    xiaozhupiggg的博客 优秀的编程框架贯彻了MVC的思想,并帮你实现了ORM, 用户模块,后台管理等功能,同时在防止SQL注入等安全性上也很有帮助,庞大的社区更提供各种插件和帮助。PHP下框架主要是CodeIgniter(在欧美最流行,最轻量级),...
  • 关于开源云计算平台软件的一些个人想法
    2015-12-25 06:57
    天府云创的博客 云计算拥有无限潜力有待人们开发挖掘,云计算的发展将给信息社会的发展带来历史性的飞跃,本文在介绍云计算及云计算平台构架的基础上,总结分析了当前主要的开源云计算平台的特征,通过简单的对比和初步分析,得出:...
  • 主流开源云计算软件大盘点
    2015-09-28 03:47
    远有青山的博客 虽然市面上有数量众多的商业软件可用于构建云基础设施,但是在你开始花血汗钱之前,也许应该看一下可供使用的开源方案。虽然开源云软件常常被称为是商业云软件的“替代品”,其实根本不是这样。而在许多情况下,开源...
  • web 开发入门分享
    2012-09-18 08:50
    skyming的博客 Xml可扩展标记语言 (Extensible MarkupLanguage, XML) ,用于标记电子文件使其具有结构性的标记语言,可以用来标记数据、定义数据类型,是一种允许用户对自己的标记语言进行定义的源语言。 XML是标准通用标记语言 ...
  • 没有解决我的问题, 去提问
手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

 客服 返回
顶部