Tuesday, 28 April 2015

Right way to secure a web server through .htaccess

Hi, I'm new to web programming. I'm developing a web site with a PHP backend application. I'm using Ubuntu 14.04 Server, Apache, PHP 5.5 and MySQL. Currently this is my directory structure under /var/www/html:
    app/  # this dir contains the backend
    src/  # this contains some common stuff between front and back ends
    web/  # this is the 'public directory' which serves the frontend

I searched so much about .htaccess, but I can't point out a definitive solution to secure all .php files which are not in the web/ directory. Also, I would "hide" .php files through URL rewriting (for example, instead of serve I would serve, but not just removing the .php extensions, rather redirecting to a file called, say, youwillneverknowthis.php).

Thanks in advance.


