Skip to content

Instantly share code, notes, and snippets.

@Guibzs
Last active March 26, 2023 15:17
Show Gist options
  • Save Guibzs/a3e0b3ea4eb00c246cda66994defd8a4 to your computer and use it in GitHub Desktop.
Save Guibzs/a3e0b3ea4eb00c246cda66994defd8a4 to your computer and use it in GitHub Desktop.
Symfony 4 ~ .htaccess
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 302 ^/$ /index.php/
</IfModule>
</IfModule>
@Aviortheking
Copy link

Hey thank you

In symfony, should this .htaccess be in public or root ?

in the public folder

@miertschink
Copy link

Works fine - thx
just in case somebody is searching for:
I got a 403 Forbidden on All-inkl when using Symfony 4 and public as Domain-Root configured in the KAS

@hous04
Copy link

hous04 commented May 1, 2019

Hi
How can we force www. for all routes ?

@rakini-yassine
Copy link

Thank you very much you saved my life

@AlphaHasi
Copy link

Thanks a million times! I can understand that the team took the htaccess files out, even from the "out-of-the-box-works-instantly-version", but it would be nice, if they give at least a hint at one of the million places where you can read about download, start, install, deploy the stuff…

@jrolopez20
Copy link

I have used this and work BUT not load images, css, javascripts files. what can i do??

@bklein01
Copy link

perfect... thanks

@felloz
Copy link

felloz commented Sep 21, 2019

sorry but dont work for me :(

@prolyfix
Copy link

great, thanks

@drondar
Copy link

drondar commented Dec 18, 2019

It works perfect for me. About this I have a doubt. I resently deploy a symfony 4 project in a cloud server, I used git and everythin is fine. But all the folder of my project is in the public_html directory. So for navigating I need to use the path [myip]/myprojectfoldername/public. How can I fix the problem of including .../projectforldername/public in the url? Is there an .htaccess file that can I put into the public_html folder that redirects the requests to the public directory or do I need to put my privates files out of public_html directory? The problem with the last solution is that I need to do manual work moving the files after every pull in git. Sorry my english, I hope you can help me. Thanks

@unkelhoebbi
Copy link

It works perfect for me. About this I have a doubt. I resently deploy a symfony 4 project in a cloud server, I used git and everythin is fine. But all the folder of my project is in the public_html directory. So for navigating I need to use the path [myip]/myprojectfoldername/public. How can I fix the problem of including .../projectforldername/public in the url? Is there an .htaccess file that can I put into the public_html folder that redirects the requests to the public directory or do I need to put my privates files out of public_html directory? The problem with the last solution is that I need to do manual work moving the files after every pull in git. Sorry my english, I hope you can help me. Thanks

I have a similar setup like yours and I've set the document root of the webserver to the public directory of the project and used the .htaccess file from above which works totally fine for me. Does this help you?

@drondar
Copy link

drondar commented Jan 7, 2020

Yes, this helped me a lot! Keeping the structure of symfony, I have my proyect folder, then a public folder inside it and a index.php. In my htaccess I wrote RewriteRule ^(.*)$ myproyectfolder/public/index.php [QSA,L] and works great. But if someone move to my_ip/myproyectfolder/composer.json (for example) he could see the content of composer.json. The solution I found here is to uglify the name of the proyect folder, so other persona can not guess the route. It's that a good way to do that? or does you know another better solution? thanks a lot

@muhiddingithub
Copy link

Great thanks

@fab01
Copy link

fab01 commented Feb 17, 2020

Thank you dude!

Combination of this htaccess inside /public together with another .htaccess in root made the trick:

htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

@drondar
Copy link

drondar commented Feb 17, 2020

Thank you dude!

Combination of this htaccess inside /public together with another .htaccess in root made the trick:

htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

@fab01
Copy link

fab01 commented Feb 17, 2020

Thank you dude!
Combination of this htaccess inside /public together with another .htaccess in root made the trick:
htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

Hi @drondar
the purpose of that htaccess is to avoid to see /public in the url for a Symfony project.
My bad, I forgot to mention this not negligible detail.. Sorry for that.
Example: mysymfony4project.com/[to-hide]public/myactioncontroller

By the way you shouldn't risk anything as the .htaccess file by definition should not be accessible by anybody except directory owners and sysadmin.
If you want to protect the folder you can still use an .htpasswd instead, or just put a file to redirect all requests coming from the User Agent so nobody will be able to access a forbidden folder even assuming they know the URL.

@drondar
Copy link

drondar commented Feb 17, 2020

Thank you dude!
Combination of this htaccess inside /public together with another .htaccess in root made the trick:
htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

Hi @drondar
the purpose of that htaccess is to avoid to see /public in the url for a Symfony project.
My bad, I forgot to mention this not negligible detail.. Sorry for that.
Example: mysymfony4project.com/[to-hide]public/myactioncontroller

By the way you shouldn't risk anything as the .htaccess file by definition should not be accessible by anybody except directory owners and sysadmin.
If you want to protect the folder you can still use an .htpasswd instead, or just put a file to redirect all requests coming from the User Agent so nobody will be able to access a forbidden folder even assuming they know the URL.

Hi, I understand, thanks for answering. Do you have any example of how to configure so that the user cannot access the files inside the folder that contains the project? Except public / index.php of course. I tried it with htaccess but then I also don't let the index access the project resources. The idea is only to block it for users who try to access through the url

@fab01
Copy link

fab01 commented Feb 17, 2020

Hi @drondar, as you said, assuming that you are running an application with a front controller (index.php) in a folder '/public', all files which are intended to be 'public' (normally the front controller and all the assets: js, css and images) should live inside this folder.
So, since they are public, there's no reason to have restrictions on it.

If you want to protect the directory which contains the project (or business logic) like for example /src, you can put an .htaccess with a redirect to parent folder on each subfolder.

Here an example:

RewriteEngine On
RewriteRule ^(parent/). /$1 [R,L]

where 'parent' is the name of the parent folder.
You can replace R param with R=301 if you want to make it 'permanent' (but only when you are sure that it works).

Another option is working with folders' permissions if you are on Unix.

@drondar
Copy link

drondar commented Feb 18, 2020

Hi @drondar, as you said, assuming that you are running an application with a front controller (index.php) in a folder '/public', all files which are intended to be 'public' (normally the front controller and all the assets: js, css and images) should live inside this folder.
So, since they are public, there's no reason to have restrictions on it.

If you want to protect the directory which contains the project (or business logic) like for example /src, you can put an .htaccess with a redirect to parent folder on each subfolder.

Here an example:

RewriteEngine On
RewriteRule ^(parent/). /$1 [R,L]

where 'parent' is the name of the parent folder.
You can replace R param with R=301 if you want to make it 'permanent' (but only when you are sure that it works).

Another option is working with folders' permissions if you are on Unix.

Hello, my situation is exactly what you are describing. Thank you very much, I'm going to try it right now.

@i3130002
Copy link

Worked on Symfony 4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment