Separate CodeIgniter public folder

10,722

Solution 1

For CodeIgniter 3.x, the correct way to approach this (at this point in 2018 and after) is as follows:

  • Make a public folder in your root folder
  • MOVE your index.php file into this folder (to prevent ambiguity)
  • inside the moved index.php file, change the following:

    change $system_path to ../system

    change $application_folder to ../application

Now, we need an .htaccess file, but CI 3.x doesn't have a .htaccess file by default, soo.. how about stealing it from CI 4.x which has it by default? You can find it here:

https://github.com/bcit-ci/CodeIgniter4/blob/develop/public/.htaccess

I recommend you NOT include the line SetEnv CI_ENVIRONMENT development - instead, define this in your apache or NGinx .conf file so the .htaccess file can work anywhere.

Finally, you'll meed to update your .conf file so that DOCUMENT_ROOT is set to the subfolder named public (or whatever you chose to name it). Then restart Apache/Nginx.

That should give you the same results, and be much more secure.

-- UPDATE -- I found that I had problems with the .htaccess file from CI 4, however suspect it's my system that's the problem. This simple version did work however:

RewriteEngine on
RewriteCond $1 !^(index\.php|assets|images|js|css|uploads|favicon.png)
RewriteCond %(REQUEST_FILENAME) !-f
RewriteCond %(REQUEST_FILENAME) !-d
RewriteRule ^(.*)$  ./index.php/$1 [L]

Solution 2

As per the CodeIgniter Installation Instructions...

/var/application/
/var/system/
/var/www/index.php

For the best security, both the system and any application folders should be placed above web root so that they are not directly accessible via a browser. By default, .htaccess files are included in each folder to help prevent direct access, but it is best to remove them from public access entirely in case the web server configuration changes or doesn’t abide by the .htaccess.

Share:
10,722
noeyeat
Author by

noeyeat

Front-end developer

Updated on November 30, 2022

Comments

  • noeyeat
    noeyeat over 1 year

    I've been trying to change my CodeIgniter file structure to make it safer and cleaner but I can't get it to work. I want to separate the application/system and the public files that are going to be visible to users.

    - application
    - system
    - public
    

    It works but I have to enter

    example.com/public/index.php or example.com/public/controller

    I want to be able to just type the base URL like example.com/controller.

    How can I do it?

    • Sparky
      Sparky almost 8 years
      public would simply be the www root or public_html folder. Then system and application are installed outside of the www root.
    • noeyeat
      noeyeat almost 8 years
      I'm using a shared hosting. The path to my CI directory is /var/www/myfolder/. I don't know if I really should do this but I read that it's not safe to not separate the folders.
    • Sparky
      Sparky almost 8 years
      Where did you read that?! The official documentation specifically states that you should put the application and system folders above of the www root. This virtually guarantees that the public will never see them, even if the .htaccess files fail.