How to implement a single portal for the php web Framework

I downloaded the ci, slim, and laravel frameworks and uploaded them to my ubuntu + nginx + php host. However, I found that a test is stored in any directory of the three frameworks. the PHP file outputs echo & quot; helloworld & quot;, which can then be accessed in a browser. Excuse me, this... I downloaded the ci, slim, and laravel frameworks and uploaded them to my ubuntu + nginx + php host. However, I found that a test is stored in any directory of the three frameworks. PHP file, output echo "hello world", and then the file can be accessed in the browser.

Are these frameworks not single-entry, but only through index. php access, but why the index can be crossed in the form of directory + file name. php access? Any file can be accessed externally. What is the security and isolation.

In addition, how can we hide the index. php file and directly access the routes of various pages through the root directory of the domain name.

Reply content:

I downloaded the ci, slim, and laravel frameworks and uploaded them to my ubuntu + nginx + php host. However, I found that a test is stored in any directory of the three frameworks. PHP file, output echo "hello world", and then the file can be accessed in the browser.

Are these frameworks not single-entry, but only through index. php access, but why the index can be crossed in the form of directory + file name. php access? Any file can be accessed externally. What is the security and isolation.

In addition, how can we hide the index. php file and directly access the routes of various pages through the root directory of the domain name.

Your current understanding of a single portal is a bit problematic: a single portal means that your application enters through a single portal file. In fact, your single portal program is not a PHP file, there is nothing special. Why can't other programs be accessed? You may want to say that because it is a single portal (this is just what you think), the Web server does not think that only it can be accessed, but who can be allowed to be accessed, no one is allowed to be accessed by a Web server. You can use it to restrict access to only the PHP you want. Others are not allowed.

In addition, the source code of the framework should be put out of webRoot, and only the program to be accessed should be put in webRoot. For example, your index. php has some static resources.

How to restrict access to PHP with only one entry can be checked for the Web server corresponding to the corresponding framework:

For example, YII2 and Nginx

server {    server_name xxx.idarex.com;        index index.php;    set $rootdir /var/www/html/idarex/passport/web;    root $rootdir;    location / {        try_files $uri $uri /index.php?$args;    }    location ~ \.php$ {        include fastcgi_params;        fastcgi_index index.php;        fastcgi_param SCRIPT_FILENAME $rootdir/index.php;        fastcgi_pass 127.0.0.1:9000;    }}

You can use a single-entry app to control the directories that do not allow access to the code. Generally, there are two methods:

1. Use the rewrite rules of the web server to exclude the. php file in the directory where the source code is located.

2. Put your portal file in a separate folder and use it as the root directory of the website. The source code is in the upper directory.

Rewrite Rules-non-files or directories-List Item

Let's take a look at the comparison between multiple portals and access different php files to run the corresponding functions.

Index. php-website homepage list. php? Page = 5-content list page article. php? Id = 12-content details page

A single entry program always includes a specific parameter when accessing index. php.

Index. php? Action = list can be defined as index. php? Action = info can be defined as the detailed page of Access Content

Index. php content

$action=$_GET['action']==''?'index':$_GET['action'];include('files/'.$action.'.php');

Under the normal root directory, you only need to put an index. php file to implement all the functions of your website.

To hide index. php In nginx, You need to modify the nginx configuration file.

location / {                if (!-e $request_filename) {                        rewrite ^/(.*)$ /index.php/$1 last;                }               }

For PHP programs, you can manually enter the directory structure of the project in the browser!

Define the entry at the beginning of the file (page controller or front-end Controller) that allows direct access:
If (! Defined ('app _ root') define ('app _ root ','./');
Write the following statement at the beginning of a file that cannot be accessed directly:
If (! Defined ('app _ root') exit ();

You can configure rewrite rules to implement RESTful URLs, such as Nginx:
Rewrite ^/post/([0-9] +) $/post. php? Id = $1;
Access/post/1024 Nginx will be converted to/post. php? Id = 1024.

Below