apache - Why should we keep index.php in the public folder instead of in the root? -


i still don't quite understand why must keep index.php in public directory instead of in root directory.

root/of/project     public/        index.php        .htacess        (html, image, css, etc) 

then, write following in our virtual host file:

documentroot /path/to/myapp/app/public <directory "/path/to/myapp/app/public">   # other setting here </directory> 

the .htaccess file redirects non-existing urls index.php:

rewriteengine on rewritecond %{request_filename} !-d rewritecond %{request_filename} !-f rewriterule ^ index.php [qsa,l] 

i notice frameworks so, such symfony , zend, this tutorial. actual benefits having trouble of modifying virtual host file?

why shouldn't have below instead without modifying virtual host file? security risk or something?

root/of/project         index.php     .htacess     public/         (html, image, css, etc) 

if keeping index.php , modifying virtual host file better, how can modify virtual host file in live server then? let's have domain name, http://my-website.com/ , access on browser, see first not web page directories below untill click public directory see home page,

root/of/project     public/        index.php        .htacess        (html, image, css, etc) 

i assume same zend or symfony project without being able modify virtual host file in live server. no @ these frameworks, see below if upload zend project live server,

enter image description here

so, how deploy zend or symfony project live server see web page right away?

it idea keep index.php outside of project root directory because of 1 simple reason:

you don't want user access files other 1 in public folder (index.php, css, js etc). when put index.php in root folder able access composer.json file example security risk - potential hacker know packages using, in versions it's easier him perform attack.

when comes hosting - should have public_html folder on root directory meant public folder (web) of symfony app , should able keep files outside of public folder. if don't - need think changing hosting partner

edit: answering comment. let's assume have public_html folder on hosting , want deploy symfony app should accessible directly on http://your-domain.com. should put whole symfony project anywhere (but outside of public_html folder) , make public_html folder symbolic link web folder of symfony project. action equivalent of editing virtual host , changing documentroot which, assume, not able do.

you can check answer on question more clarification


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -