How do I restrict my local.xml from being seen by outsiders, as in Magento's app/etc/local.xml which has all the database access information.
Please specify the file paths where i need to make changes,
thanks
http://www.domainname.com/app/etc/local.xml is forbidden by .htaccess of magento with default setting. Please check your .htaccess.
If you don't have htaccess file you can get .htaccess.sample , just rename it by .htaccess
All the request in magento or any mvc structure website goes to index.php page. If you see .htaccess file of magento carefully, you can get
RewriteRule .* index.php [L]
Allow access for images,skins and Javascript
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
So by default .xml files are forbidden (403)
If you are not running Apache, you need to find out how your chosen web server controls file access and translate the .htaccess files found in the stock Magento install to the control access method used.
If you're using Apache, you may need to turn on it's ability to read directory level .htaccess files. You then need to check and make sure the proper .htaccess files are installed in their directories.
For use under Apache Web Server, Magento extensively uses directory level .htaccess files to control access to its application folders, for example:
app/.htaccess
app/etc/.htaccess
should both exist and should contain
Order deny,allow
Deny from all
If they're missing, this is a sign that the developer designed the site on a WAMP stack and didn't understand how to set up FTP transfer to transfer hidden files. This also means that all the other .htaccess files are missing in critical areas like media/.htaccess which have even more necessary contents to shut off execution of php code out of potentially world writable directory trees (bad security):
Options All -Indexes
<IfModule mod_php5.c>
php_flag engine 0
</IfModule>
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## never rewrite for existing files
RewriteCond %{REQUEST_FILENAME} !-f
############################################
## rewrite everything else to index.php
RewriteRule .* ../get.php [L]
</IfModule>
Basically, you need to download the Magento installer file and check its contents for all the missing .htaccess files that Magento puts in its various directories to control access.
Related
What is the code used in .htaccess to prevent access of other files in my public folder ( LARAVEL project under shared hosting )?
I have a file called index.php and I want this file to be the only file able to access all the other files/directories.
I have seen other solutions here on StackOverFlow but they do not match above requirement.
Laravel has it's own .htaccess ready and that should work with your shared hosting too..
myfoldersite/public/.htaccess
move to
myfoldersite/.htaccess
and rename
myfoldersite/server.php
to
index.php
And try browsing your site again, let's see if that works.
Cheers!
You can block an access to a folder with this code in the .htaccess
<Directory "/file/">
deny from all
</Directory>
You have to modify the "file" by the name of your files.
But I do not know if that's what you're looking for so you can do this too:
RewriteEngine on
RewriteRule ^(.+)$ index.php
We have recently moved a Magento multi site environment to a new dedicated server, however all the sites apart from the admin URL site (not used apart from admin are) are reporting Magento style 404 pages on the front end.
We have ensured mod_rewrite is turned on, checked the database and manually amended the URLs in PHPMyAdmin to assign some temporary test URLs. The URL assigned to the admin area works fine, and the rest resolve to the server, however every front end is still 404. We have tried adding in index.php to the URL, no change. Checked all file and folder permissions, all OK. Cleared all cache manually and reindexed from command line. No change.
We have checked HTACCESS is correct which it looks to be. We have even taken another backup of the database and full site and restored to another server with the same issues.
We have also tried disabling SEO urls/URL Rewrites without change too.
Error logs dont say a lot either which isnt helpful.
Really struggling with this now so any help or pointers greatly appreciated. Thanks
First Solution:
Replace current .htaccess file with the default .htaccess file from Magento.
Second Solution:
#fastcgi_param MAGE_RUN_CODE default;
If doesn't work, try following solution:
Third Solution:
Is this installed on an Apache webserver? If not, the .htaccess functions will need to be translated to your flavor of web server software.
Has DSO module for mod_rewrite been installed in Apache and been enabled to load?
Is AllowOverrides enabled for the virtual server so Options +FollowSymLinks will function? You may have to check with your hosting service provider and have it enabled.
Is Magento's .htaccess file available in the doc root folder?
Has the rewrite engine been turned on in the .htaccess file?
Has the proper RewriteBase been assigned in the .htaccess file?
General entries in Magento's .htaccess that must function so rewrites will function to eliminate the need for index.php to appear in the URL.
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
Third solution from Fiasco Labs
I referred the CodeIgniter Site and also checked various sites for information on how to remove index.php file from Mac OS X 10.10. But still index.php is unavoidable. I need steps to remove index.php from CodeIgniter on Mac OS 10.10.
This is working:
localhost/jenny/Learn/index.php/about
This is not working:
localhost/jenny/Learn/about
As long as you are running apache the operating system should not make a difference in this case.
You need to create a .htaccess file within the your root web directory (this is the directory where the index.php file is located) and within the .htaccess file you will want to include the following:
RewriteEngine On
RewriteOptions inherit
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
This will allow you to utilize the second url you have posted as it will determine if the requested resource is located within the webroot and if not then redirect to the index.php file without it needing to be included in the url.
If you are not running a different web server then the rewrite rule will be different but the principle is the same. Send all requests to index.php if not resource does not live in web root.
open path:/application/config/config.php
find : $config['index_page']='index.php'
replace : $config['index_page']=''
I am running laravel on a subdomain i.e. subdomain.mysite.com
I have setup my structure like this:
username
-public_html
--subdomain
---public
Basically, when I created my subdomain the path I set was subname/public so the subdomain points to the public folder. I have uploaded laravel to subname so when someone goes to the subdomain url it looks at the public folder and it shows the laravel You have arrived page.
Now when I browse to mysite.com/subname it gives me a forbidden page and when I browse to mysite.com/subname/public it shows the laravel you have arrive logo.
Is it safe to set-up laravel on a subdomain this way or am I exposing the app / model / controller folders etc?
Is this just very bad and should i move the laravel core files above public_html?
I hope this makes sense
Thanks
With proper Apache configuration (or any other server you use) and .htaccess ( in case of Apache) you can restrict the access to your core directories irrespective of where your files are located.
I do not know about your server configuration and which folders you have access to, but in case you have access to other directories, you can set up laravel in somewhere else other than under public_html and set up public directory to be visible, just like you did when setting up it as a sub-domain.
If you want to setup as a sub-folder under mysite.com you can keep the Laravel installation somewhere else, and provide symbolic link under public_html like this
ln -s /path/to/laravel/public /username/public_html/subdomain
In such case you need to add following line to .htaccess file.
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /subdomain # Add this line
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Hope this helps.
I want to configure a mod_rewrite rule without using .htaccess files. When I put rules in .htaccess files they work fine, but I would prefer to leave all of the configuration in my /etc/apache2/sites-available/[site name] config file.
When I place the same RewriteRules within the VirtualHost or Directory directives, nothing works. What am I doing wrong? Here is a sample from my VirtualHost config file:
<Directory />
Options FollowSymLinks
# AllowOverride is on for the .htaccess files to work
AllowOverride All
RewriteEngine On
RewriteRule ^oldsite\.php$ newsite.php
</Directory>
I'm thinking I might be overlooking some directive within the apache2.conf file, but I'm not sure. Help. :)
You’re using a RewriteRule pattern that is meant for an .htaccess file. The reason:
When using the rewrite engine in .htaccess files the per-directory prefix (which always is the same for a specific directory) is automatically removed for the pattern matching and automatically added after the substitution has been done.
So try this rule with the full URL path:
RewriteRule ^/oldsite\.php$ /newsite.php