Why should we keep index.php in the public folder instead of in the root?
Question
I still don't quite understand why we must keep index.php in a public directory instead of in the root directory.
root/of/project
public/
index.php
.htacess
(html, image, css, etc)
Then, write the following in our virtual host file:
DocumentRoot /path/to/myapp/app/public
<Directory "/path/to/myapp/app/public">
# other setting here
</Directory>
The .htaccess file then redirects all non-existing URLs to index.php:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
I notice that most frameworks do so, such as Symfony and Zend, just as this tutorial. What is the actual benefits really by having the trouble of modifying the virtual host file?
Why shouldn't we do have this below instead without modifying the virtual host file? Is it a security risk or something?
root/of/project
index.php
.htacess
public/
(html, image, css, etc)
If keeping index.php and modifying the virtual host file is better, how can we modify the virtual host file in the live server then? Let's say I have this domain name, http://my-website.com/ and I access it on my browser, what I see first is not the web page but the directories below untill I click the public directory then I see the home page,
root/of/project
public/
index.php
.htacess
(html, image, css, etc)
I assume that this is the same for Zend or Symfony project as well without being able to modify the virtual host file in the live server. I am no good at these frameworks, I will see this below if I upload my Zend project to the live server,
So, how do you deploy your Zend or Symfony project to your live server to see your web page right away?
1 answers
solution1
6 ACCPTED 2015-04-01 18:10:07
It is a very good idea to keep index.php outside of your project root directory because of one simple reason:
You don't want your user to access any files other that one in public folder (index.php, css, js etc). When you will put index.php in root folder you will be also able to access composer.json file for example which is a security risk - a potential hacker will know what packages are you using, in which versions so it's easier for him to perform attack.
When it comes to your hosting - you should have some public_html folder on your root directory which is meant to be public folder (web) of your Symfony app and you should also be able to keep files outside of public folder. If you don't - you really need to think about changing hosting partner
EDIT : Answering your comment. Let's assume you have public_html folder on your hosting and you want to deploy Symfony app which should be accessible directly on http://your-domain.com . Then you should put whole Symfony project anywhere (but outside of public_html folder) and make a public_html folder a symbolic link to web folder of your Symfony project. This action is equivalent of editing virtual host and changing DocumentRoot which, I assume, you are not able to do.
You can also check my answer on another question to get more clarification
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.