How to hide Zend's application.ini from the public? - zend-framework

I am using the Zend Framework for construction of my site, which uses the application.ini file to store database info (such as username and password). I discovered that typing /application/configs/application.ini in the web browser plainly shows all the contents of the applications.ini file.
How can I prevent this? I tried setting the chmod public access to nothing, but then the website couldn't function anymore because of access rights. Anyone familiar with this?

Your document root setting in your web server configuration should point to the subdirectory that has your index.php in it, not the top-level directory of the whole application install.
E.g., you have something like:
myapp/application/Bootstrap.php
myapp/application/configs/application.ini
myapp/application/controllers/...
myapp/application/views/...
myapp/library/...
myapp/tests/...
myapp/public/index.php
Set your document_root to myapp/public and not myapp.

I solved this problem by writing the following in the .htaccess file:
<Files application.ini>
order allow,deny
deny from all
</Files>

If you don't have access to change your document root and you are using the Apache web server, the "quick and dirty" approach might be to create a ".htaccess" file with the following contents, created in:
/application/configs
Contents:
deny from all

Related

Could not access your domain

when I try to install moodle via softaculous, I get an error like this, I just created my domain name and the files seem empty. Can you help?
Eror:
Could not access your domain. Please make sure your domain is pointing to this server and there is no .htaccess file restricting access to your domain
I get the error while loading Moodle, the contents of my files are empty and .there is no htaccess file

ISPConfig change "Document Root" for specific domain

How to change the Document Root for a specific domain/subdomain inside ISPConfig 3.
I need to point my subdomain to a different directory than the standard client3 web6 roots.
And in "ISPConfig 3" this field isn't editable, neither during creation nor afterwards.
The solution was pretty simple, All I had to do is, once the domain was created, I had to navigate as below..
Select that domain > Options > Apache Directives
And paste the following line where the root of the domain/subdomain would be adjusted accordingly. I wanted to point the domain to rainloop installation which was outside the Default Web Root directory /var/www/html.
DocumentRoot "/var/www/rainloop/"
Have written this Q/A as a documentation as in-spite of it being so simple, this solution isn't documented anywhere.
Hey yeah you can put this as directive snippsel:
DocumentRoot {DOCROOT_CLIENT}/YOURNEWFOLDER
in complete that shows something like this in your /etc/apache2/sites-available/ in the lower, isp config put this in:
DocumentRoot /var/www/clients/client10/web72/web/YOURNEWFOLDER

How do I make a website run a perl CGI script without including the script name in the URL?

When a user goes to 'http://www.mydomain.com/' currently index.html is returned. Instead, I would like to run a CGI script. How do I do that?
If you're using Apache you can add something like this to your VirtualHost config:
DirectoryIndex index.cgi index.html index.htm
This would cause the web server to look for index.cgi first and then fall back to index.html and then index.htm That's one way of doing it and, of course, you'd need to make sure your script is named index.cgi (or whatever default name you'd like to go with. More info can be found in the Apache docs for mod_dir

SugarCRM error on module loader on shared hosting

I’ve a shared hosting account and installed SugarCRM. Everything is fine except the message i get for the module loader. Here i get the message to add suhosin.executor.include.whitelist = “upload://” to the php.ini file.
The message is:
Upload stream is blocked by Suhosin, please add "upload" to
suhosin.executor.include.whitelist (See sugarcrm.log for more
information)
Because i have a shared hosting account i don’t have access to my etc map and therefore also not to my php.ini file.
I want to use the .htaccess file for this but don't know exact code. Can anyone help me?
You Can Try Add this to your .htaccess file as suggested in http://forums.sugarcrm.com/f6/upload-stream-blocked-suhosin-82116/
<IfModule mod_php.c>
php_value suhosin.executor.include.whitelist upload://
</IfModule>
In my case I'm using php-fpm so I modified the php.ini locater in /etc/php5/fpm/conf.d/suhosin.ini and I have no more warnings from SugarCRM
; configuration for php suhosin module
extension=suhosin.so
suhosin.executor.include.whitelist="phar"
suhosin.executor.include.whitelist="upload"
The solution posted by Carlos Quijano didn't work for me.
I've found that the solution is different depending if PHP is run as module, CGI or FASTCGI .
This is the documentation I've found about the different methods you can use to use a custom php.ini file for your domain (or even subdomains)
First you should check which one is your case.
For this, you can use the phpinfo command:
Create a php file called phpinfo.php with this content: <?php phpinfo(); ?>
and upload it into your domain root, then visit www.yourdomain.com/phpinfo.php,
you'll see a table and next to "Server API" you'll see which way PHP is run.
For me it was "CGI/FastCGI", so I had to get a copy of the global php.ini, which I didn't know how to get since it was not accessible by FTP access. I've found a solution in a Drupal forum:
Create a php file you can call gettheini.php with this content:
<?php system("cp /usr/local/php5/lib/php.ini /home/YOURCPANELUSERNAME/php.ini"); ?>
*The first path must be the path next to "Configuration File (php.ini) Path" in the table obtained before (phpinfo.php), with php.ini at the end. The second path is the path where you want to copy it to.
Upload it into your domain root, then visit www.yourdomain.com/gettheini.php.
This command will copy the global php.ini file yo the path you specified.
Then you can edit that file adding
; configuration for php suhosin module
extension=suhosin.so
suhosin.executor.include.whitelist="phar"
suhosin.executor.include.whitelist="upload"
save it and upload it.
As my hosting service had made some arrangements php.ini overriding, when I checked again the phpinfo page, the new file was already working (check next to "Loaded Configuration File").
Don't forget to protect the new file, add
<Files php.ini>
order allow,deny
deny from all
</Files>
to the end of yout .htaccess file (in the same root folder of your domain or subdomain)
I hope my experience can help you to solve your problem or at least give you some guidance.

"URL not found" error at my localhost setup of TYPO3 website.

I have setup TYPO3 successfully on my local server. But I am having problem when clicking on any menu item: It's showing "url not found on server".
When I type in the URL manually into the browser it shows the page. It's only having problems when redirecting after clicking on a page item at any frontend website page.
That might be related to the domain config or RealURL... or both ;)
Do you use RealURL? Or do you use the standard url config?
If links to sub pages look like index.php?id=12345 you are using the standard config.
My guess is that the local DNS ("hosts file") is not configured correctly.
With the hosts file you can simulate how the web site will appear when it's online, hooked up to a "real/global" DNS. (Not quite, but in a nutshell)
So if you set up Typo3 to be reached under http://www.example.com/ you need to tell your local DNS ("hosts file") to route a request to http://www.example.com/ to your local host e.g. http://127.0.0.1/ . In that case your host file needs an entry like so:
127.0.0.1 http://www.example.com/
What Domain do you enter to reach your web site? Where do the links from the menu link to?
If you wanna know mor about the "hosts file" look here:
http://accs-net.com/hosts/how_to_use_hosts.html
If you can log in into the TYPO3 backend (/typo3/) and can access the frondend through /index.php, but not through the generated menu links, then RewriteRules for mod_rewrite don't apply.
Usually TYPO3's installer should detect this configuration and disable RealURL, which is responsible for generating such nice looking URLs (instead of index.php?id=123). It seems like this failed (or you copied everything afterwards without the .htaccess file?).
Make sure that you have TYPO3's .htaccess file in place in the root directory of your installation. If this is the case, make sure that mod_rewrite is enabled in your Apache config.