Forum
Securing a Front Controller app
G Caplan
13 March 2012, 18:07
Hi
I'm looking to configure a Front Controller app as follows:
/private/includable/executable
../executable will contain the php bootstrap file. Anything above this path should not be executable.
../includable will contain any php and template files to be included into the app, but should not be directly executable.
Anything above ../includable should not be accessible from the web app.
I'm moving from LiteSpeed, where they have configuration options for this kind of setup. It it possible to achieve this in Hiawatha?
Forgive me if I'm missing something obvious...
I'm looking to configure a Front Controller app as follows:
/private/includable/executable
../executable will contain the php bootstrap file. Anything above this path should not be executable.
../includable will contain any php and template files to be included into the app, but should not be directly executable.
Anything above ../includable should not be accessible from the web app.
I'm moving from LiteSpeed, where they have configuration options for this kind of setup. It it possible to achieve this in Hiawatha?
Forgive me if I'm missing something obvious...
Hugo Leisink
13 March 2012, 18:56
Disabling CGI execution for a certain directory and every subdirectory below can be done by placing "ExecuteCGI = no" in a .hiawatha file.
Disabling access to a directory can be done via the UrlToolkit.
Disabling access to a directory can be done via the UrlToolkit.
VirtualHost {
...
UseToolkit = restrict_access
}
UrlToolkit {
ToolkitID = restrict_access
Match /some/path DenyAccess
Match /another/dir DenyAccess
}
G Caplan
14 March 2012, 22:45
Hugo
Thanks for the advice!
Thanks for the advice!
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
