Godaddy上的CodeIgniter安装具有最佳安全性

时间:2014-05-07 19:48:44

标签: php apache .htaccess codeigniter

godaddy托管public_html上提供了作为网络根目录。我尝试在其上安装CodeIgniter,因此我希望整个框架都在webroot之外(出于安全原因)。出于此特定目的,在public_html目录中,我使用以下代码创建了.htaccess

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$ [NC]
RewriteCond %{REQUEST_URI} !^/sub_webroot/
RewriteRule ^(.*)$ ./sub_webroot/index.php?$1 [L]

目录/文件结构如下所示:

public_html
    .htaccess
    CodeIgniter (whole framework files except index.php)
    sub_webroot
        index.php (CI index.php)
        assets
             sample.png

框架已成功加载,index.php也已删除。我面临的问题是,我无法通过sample.png打开example.com/assets/sample.png,很明显,由于行RewriteRule ^(.*)$ ./sub_webroot/index.php?$1 [L],它正在发生。我无法决定如何访问assets目录并保持框架成功运行,因为它现在正在工作。有关如何更改符合我需求的.htaccess的任何想法吗?

1 个答案:

答案 0 :(得分:0)

这就是我们解决这个问题的方法:如果从assets文件夹请求,则添加一个忽略重写的条件。您可以根据需要添加/删除要忽略的选项 - 实际上您只需要在您的情况下使用assets选项。

#Checks to see if the user is attempting to access a valid file,
#such as an image or css document
RewriteCond $1 !^(index\.php|assets|css|png|jpg|gif|robots\.txt|favicon\.ico)

将它放在你的RewriteRule之前。

有一个非常全面的Codeigniter .htaccess用于麻烦主机:http://www.chrishjorth.com/blog/one-com-codeigniter-htaccess-rewrite-rules/,很好评论:

# @author: Chris Hjorth, www.chrishjorth.com
# Make index.php the directory index page
DirectoryIndex index.php
#Protect the .htaccess files
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /subfolder/
    # START CodeIgniter ------------------------------------------------------------------------------------------------------------
    # based on http://www.danielwmoore.com/extras/index.php?topic=7691.0 and http://ellislab.com/forums/viewthread/132758/
    # Redirect default controller to "/".
    # This is to prevent duplicated content. (/welcome/index =&gt; /)
    RewriteRule ^(welcome(/index)?)/?$ /subfolder/ [L,R=301]
    # Remove /index/ segment on the URL, again to prevent duplicate content.
    RewriteRule ^(.*)/index/? $1 [L,R=301]
    # Remove trailing slashes, also to remove duplicate content
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    # Remove multiple slashes in between, just to remove the possibility of fabricating crazy links.
    RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
    RewriteRule . %1/%2 [R=301,L]
    # Ignore certain files and folders in this rewrite
    RewriteCond $1 !^(index\.php|assets|frameworks|uploads|robots\.txt|favicon\.ico)
    # [NC] = no case - case insensitive
    # [L] = Last rule, last rewrite for this set of conditions
    # [QSA] = Query String Append, should be used to prevent all redirects from going to your default controller, which happens on 
    # some server configurations.
    RewriteRule ^(.*)$ /subfolder/index.php?$1 [NC,L,QSA]
    # END CodeIgniter --------------------------------------------------------------------------------------------------------------
</IfModule>
# If Mod_rewrite is NOT installed go to index.php
<IfModule !mod_rewrite.c>
    ErrorDocument 404 /index.php
</IfModule>