PHP Programming (was JOB: LAMP Artisan)

Lonnie Olson lists at kittypee.com
Mon Mar 3 10:22:31 MST 2014


On Mon, Mar 3, 2014 at 2:18 AM, Dan Egli <ddavidegli at gmail.com> wrote:
>> I'm curious about putting my PHP code outside of the webroot. Let's say
> you do so.
>
>> How do you run your code? Do you put an index in the docroot and then
> what? Are
>
>> you using a symlink?
>
>
>
> No, somewhere in apache's httpd.conf file you put a <directory [code dir]>
> entry. For an example of that that I've used (not one I wrote, but one I do
> like) look at the squirrelmail webmail package. If my memory is correct, it
> does that. Nothing goes in /var/www/html at all. Instead it creates an
> entry so that when you use http://[server]/webmail/ it processes
> squirrel's's index.php at that point.


Not quite, using an Alias and <Directory> directives are not the same
thing.  Using an Alias is effectively the same thing as putting the
files in your docroot.   The idea intended to be expressed here is
that most of your code is not accessible by URL at all.

Example.
/var/www/html/index.php - is the only code accessible via URL
/var/www/application/* - This is where your code might live, and is
included from the single point of entry.
/var/www/application is not Alias'd, and is not, in any way accessible
via a URL, No apache config necessary or intended.

This idea suggests the use of mod_rewrite, or similar "clean URL"
methods, to give you a normal looking URL structure.
Many frameworks follow this idea.  It's just a minor tactic, and is
certainly not the most important step to securing your web
application, but it does certainly help.


More information about the PLUG mailing list