Skip to content

Instantly share code, notes, and snippets.

@Guibzs
Last active March 26, 2023 15:17
Show Gist options
  • Star 45 You must be signed in to star a gist
  • Fork 16 You must be signed in to fork a gist
  • Save Guibzs/a3e0b3ea4eb00c246cda66994defd8a4 to your computer and use it in GitHub Desktop.
Save Guibzs/a3e0b3ea4eb00c246cda66994defd8a4 to your computer and use it in GitHub Desktop.
Symfony 4 ~ .htaccess
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 302 ^/$ /index.php/
</IfModule>
</IfModule>
@fab01
Copy link

fab01 commented Feb 17, 2020

Thank you dude!

Combination of this htaccess inside /public together with another .htaccess in root made the trick:

htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

@drondar
Copy link

drondar commented Feb 17, 2020

Thank you dude!

Combination of this htaccess inside /public together with another .htaccess in root made the trick:

htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

@fab01
Copy link

fab01 commented Feb 17, 2020

Thank you dude!
Combination of this htaccess inside /public together with another .htaccess in root made the trick:
htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

Hi @drondar
the purpose of that htaccess is to avoid to see /public in the url for a Symfony project.
My bad, I forgot to mention this not negligible detail.. Sorry for that.
Example: mysymfony4project.com/[to-hide]public/myactioncontroller

By the way you shouldn't risk anything as the .htaccess file by definition should not be accessible by anybody except directory owners and sysadmin.
If you want to protect the folder you can still use an .htpasswd instead, or just put a file to redirect all requests coming from the User Agent so nobody will be able to access a forbidden folder even assuming they know the URL.

@drondar
Copy link

drondar commented Feb 17, 2020

Thank you dude!
Combination of this htaccess inside /public together with another .htaccess in root made the trick:
htaccess in project root:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /public/$1
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$
RewriteRule ^(/)?$ public/index.php [L]

This way you can access the Action Controller like mydomain.com/controlleraction

I put that htaccess in my project root but still entering in mydomain/my_folder_project_name/composer.json if I guess the folder_project_name :(
The solition of this post helped me a lot but still having the doubt because if someone guess the folder name of the project and write a entire path to some configuration file then he can access the content

Hi @drondar
the purpose of that htaccess is to avoid to see /public in the url for a Symfony project.
My bad, I forgot to mention this not negligible detail.. Sorry for that.
Example: mysymfony4project.com/[to-hide]public/myactioncontroller

By the way you shouldn't risk anything as the .htaccess file by definition should not be accessible by anybody except directory owners and sysadmin.
If you want to protect the folder you can still use an .htpasswd instead, or just put a file to redirect all requests coming from the User Agent so nobody will be able to access a forbidden folder even assuming they know the URL.

Hi, I understand, thanks for answering. Do you have any example of how to configure so that the user cannot access the files inside the folder that contains the project? Except public / index.php of course. I tried it with htaccess but then I also don't let the index access the project resources. The idea is only to block it for users who try to access through the url

@fab01
Copy link

fab01 commented Feb 17, 2020

Hi @drondar, as you said, assuming that you are running an application with a front controller (index.php) in a folder '/public', all files which are intended to be 'public' (normally the front controller and all the assets: js, css and images) should live inside this folder.
So, since they are public, there's no reason to have restrictions on it.

If you want to protect the directory which contains the project (or business logic) like for example /src, you can put an .htaccess with a redirect to parent folder on each subfolder.

Here an example:

RewriteEngine On
RewriteRule ^(parent/). /$1 [R,L]

where 'parent' is the name of the parent folder.
You can replace R param with R=301 if you want to make it 'permanent' (but only when you are sure that it works).

Another option is working with folders' permissions if you are on Unix.

@drondar
Copy link

drondar commented Feb 18, 2020

Hi @drondar, as you said, assuming that you are running an application with a front controller (index.php) in a folder '/public', all files which are intended to be 'public' (normally the front controller and all the assets: js, css and images) should live inside this folder.
So, since they are public, there's no reason to have restrictions on it.

If you want to protect the directory which contains the project (or business logic) like for example /src, you can put an .htaccess with a redirect to parent folder on each subfolder.

Here an example:

RewriteEngine On
RewriteRule ^(parent/). /$1 [R,L]

where 'parent' is the name of the parent folder.
You can replace R param with R=301 if you want to make it 'permanent' (but only when you are sure that it works).

Another option is working with folders' permissions if you are on Unix.

Hello, my situation is exactly what you are describing. Thank you very much, I'm going to try it right now.

@i3130002
Copy link

Worked on Symfony 4

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment