mardi 28 avril 2015

Right way to secure a web server through .htaccess

Hi i'm new in web programming. I'm developing a web site with a PHP backend application. I'm using Ubuntu 14.04 Server, Apache, PHP 5.5 and Mysql. Currently this is my directory structure under /var/www/html:

example.com
    app/  # this dir contains the backend
    src/  # this contains some common stuffs between front and back ends
    web/  # this is the 'public directory' which serves the frontend

I searched so much about .htaccess, but i cant point out a definitive solution to secure all .php files which are not into the web/ directory. Also, i would "hide" .php files through url rewriting (for example, instead of serve http://ift.tt/1OACNQR i would serve mysite.org/accounts, but not just removing the .php extensions, rather redirecting mysite.org/accounts to a file called, to say, youwillneverknowthis.php).

Thanks in advance.

J.

Aucun commentaire:

Enregistrer un commentaire