What better option to protect directories and files in a root folder?

3

On a web server, I have a folder inside the root folder (public_html) that should be protected. It contains system files, settings, logs, classes and so on ...

Generally, what is the best option to protect access to the folder, any file contained in it and all its subdirectories?

    
asked by anonymous 26.09.2015 / 22:25

2 answers

2

Examples.

Change file httpd.conf or apache2.conf .

To block access to files with .conf extension and .log extension.

<Files ~ "(.conf|.log)">
    Order allow,deny
    Deny from all
</Files>

To block a directory that is located in DocumentRoot (I do not know if this is what you intend to do):

<Directory "/var/www/Projeto/configuracoes">
    deny from all
</Directory>

References and other useful links:

Pete Freitag - 20 ways to Secure your Apache Configuration

Stackoverflow - htaccess deny from all

    
26.09.2015 / 23:13
1

Put the system files in a directory with no public access

Example

DocumentRoot is set to /var/www/site/public_html/

So just put the system files in any other directory that is not public. Example /var/www/site/app/

So within that directory would look something like this /var/www/site/app/core/ /var/www/site/app/libs/ /var/www/site/app/vendor/

In the /var/www/site/public_html/ directory, obviously you have index.php. In the index.php file simply include the system files by doing the directory indentation.

Example: include __DIR__.'/../app/Core/Core.php'; .

Log files can be moved to another location

Instead of /var/www/site/app/logs , I suggest /var/www/site/logs/ .

One reason is that when you need to back up the app folder, you do not have to worry about skipping log files or other unnecessary log files.

    
28.09.2015 / 07:44