Home Error writing .htaccess to protect Symfony Directories in Web App
Reply: 2

Error writing .htaccess to protect Symfony Directories in Web App

Diego Fernando Barrios Olmos
1#
Diego Fernando Barrios Olmos Published in 2017-11-14 15:23:45Z

I'm trying to publish my first Symfony Project in production, but I'm very worried about security, I have taken the following measures:

1) First: Delete on /var these directories: cache, logs and sessions

2) Second: Changed of default name for cookie session (client side: symfony)

3) Trhee: Creating a .htaccess in root directory of application

My problem is about the .htaccess. The goal is dennied access to others directories of application like: /app, /src, /test, /var, /vendor.

I'll write the follow rules in .htaccess and puted it in root directory of my app: myDevelopedApp/.htaccess.

.htaccess
#Checking if module is avalaible
<IfModule mod_rewrite.c>
   #Using the rewrite engine
   RewriteEngine On
   RewriteCond %{REQUEST_FILENAME} !-f
   #Rewrite rule to redirect the request
   RewriteRule ^(.*)$ web/$1 [QSA,L]
<IfModule>

The problem it's not working, I can not access to web folder when I write the rules. Apache hides the application myDevelopedApp when I try to access it by browser

What I'm wrong? Any other recommendation to improve security in production enviroment is welcome, thanks so much.

Tokeeen.com
2#
Tokeeen.com Reply to 2017-11-14 15:31:03Z

If your are really concerned about security you should follow the Symfony best practices. That means that only the /web folder should be accessible in the vhost.

Moreover if you initialized your project with a standard edition you should already have .htaccess files in the app/ src/ folders.

Risul Islam
3#
Risul Islam Reply to 2017-11-14 16:36:40Z

htaccess file code

    .htaccess
    #Checking if module is avalaible
    
       #Using the rewrite engine
       RewriteEngine On
       RewriteCond %{REQUEST_FILENAME} !-f
       #Rewrite rule to redirect the request
       RewriteRule ^(.*)$ web/$1 [QSA,L]
    
    

and this code too on your .htaccess file

<pre>
.htaccess
#Checking if module is avalaible
<IfModule mod_rewrite.c>
   #Using the rewrite engine
   RewriteEngine On
   RewriteBase /folder/ /*location address if localhost localhost/project */
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteCond %{REQUEST_FILENAME} !-f
   #Rewrite rule to redirect the request
   RewriteRule ^(.*)$ web/$1 [QSA,L]
<IfModule>
</pre>

RewriteBase solve this problem

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.341272 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO