Open hujuice opened 6 years ago
Of cource, if you have a highload project, you have good skills and should to optimize the web server configuration anyway. The one-domain-config
repo proposes the base and universal solution without bugs. The speed implications of using mod_alias
instead mod_rewrite
in most cases is negligible.
About your second config. If we set the alias, the request to /admin
will always force redirect to /admin/
. And I don't think that we should restrict the access to /index.php/*
, because Yii allow us to change the visibility behavior. Also, your configs have some slight flaws.
@mickgeek , in the application that I'm developing, my running configuration simply starts with:
RewriteEngine On
# If $showScriptName is false in UrlManager, do not allow accessing URLs with script name
RewriteRule ^(/backend)?/index.php/ - [L,R=404]
# Protect against access to special files
RewriteRule \.(htaccess|htpasswd|svn|git) - [L,R=404]
# Frontend
# ==============================
DocumentRoot /path/to/yii2-advanced/frontend/web
<Directory /path/to/yii2-advanced/frontend/web>
...
I think that it's unrelated.
It does not really make much sense to restrict index.php/*
, if a direct path to the entry script anyway is available. But using of it is more than acceptable.
When we use the document root as the path to the frontend app, we need use the alias. When we use the alias, we can't manipulate the trailing slash.
Anyway, if we talk about a shared hosting, usually we only have access to the .htaccess files.
I think that these ideas are better. Firstly, because a typical "shared hosting" scenario doesn't have a VirtualHost context, so a pure .htaccess solution is necessary. But also because the typical "shared hosting" scenario is not the unique: one can prefer to stay in one domain enjoying the Alias recommendation by Apache.
I've a couple of hints (I'm in hurry now, I cannot explore better).
The $showScriptName also should be managed with some trick, depending on the context.
I've found also 'AllowNoSlash' in the RewriteOptions section http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html#rewriteoptions
Have a nice day, HUjuice
We can also use FallbackResource
(since 2.2.16), FilesMatch
and RedirectMatch
instead RewriteRule
, restrict the /assets/*.php
files or use new features from 2.4. It is optional, but maybe I add something to the repo later.
This is related to #316. Two proposals below. The proposals are not strongly tested and are for Apache only (I'm not expert in nginx). If you are interested, I can test them better, fork and propose formally. Apache only.
Regards, HUjuice
If you have per directory permissions only (.htaccess):
If you can write a complete VirtualHost configuration and want to keep separate web directory:
Note: sorry, but the external configuration linked at the end of the document is an overkill and in contrast with the Apache recommendations. I filed a bug to Oleg about: https://github.com/mickgeek/yii2-advanced-one-domain-config/issues/16