htaccess
An `.htaccess` (short for hypertext access) file is a configuration file for use on web servers running the Apache Web Server software. When an `.htaccess` file is placed in a directory that is served by the Apache Web Server, the file is detected and executed by the Apache Web Server software.

These `.htaccess` files can be used to alter the configuration of the Apache Web Server software to enable or disable additional functionality and features that it offers. These facilities include basic redirect functionality, for instance if a `404` file not found error occurs, and more advanced functions such as content password protection or image hotlink prevention.
In a Pair project, there are two `.htaccess` files.

```apache
RewriteEngine On
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
```

This rule rewrites all requests to the `public` subfolder, where the `index.php` file is located. This is a security measure to prevent direct access to the project files, which could be exploited by malicious users.

```apache
RewriteEngine On
Options +FollowSymLinks -Indexes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*) index.php
<FilesMatch "manifest.xml|\.(php|ini)$">
Order Deny,Allow
Deny from all
</FilesMatch>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
```

These rules deny direct access to the PHP, INI and XML (`manifest.xml`) files, which could provide valuable clues to anyone who wants to explore the web project maliciously.
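
To see which file names the access sections above actually cover, the following added example (not part of the Pair project or of this page's original code) parses the two sections and applies them to constructed file names. It assumes that a later matching section replaces an earlier one and that a file with no matching section is served if it exists; `parse_sections`, `is_served` and `audit` are hypothetical helper names.

```python
import re
from fnmatch import fnmatchcase

# Access sections of the second .htaccess shown above, embedded so this runs offline.
HTACCESS = r'''<FilesMatch "manifest.xml|\.(php|ini)$">
Order Deny,Allow
Deny from all
</FilesMatch>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>'''

SECTION = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?>(.*?)</\1>', re.S)

def parse_sections(text):
    """Return (kind, pattern, allowed) for each section, in file order."""
    out = []
    for kind, pattern, body in SECTION.findall(text):
        deny = re.search(r'^\s*Deny from all', body, re.M | re.I)
        allow = re.search(r'^\s*Allow from all', body, re.M | re.I)
        # Assumption: only the two section shapes used on this page are modelled.
        out.append((kind, pattern.strip(), bool(allow) and not deny))
    return out

def is_served(basename, sections):
    """Apply sections in order; a later matching section overrides an earlier one."""
    allowed = True  # no matching section: the file is served if it exists
    for kind, pattern, verdict in sections:
        if kind == "FilesMatch":
            hit = re.search(pattern, basename) is not None  # unanchored regex
        else:
            hit = fnmatchcase(basename, pattern)  # <Files> uses wildcard matching
        if hit:
            allowed = verdict
    return allowed

def audit(names, text=HTACCESS):
    # Map each file name to True (served directly) or False (denied).
    sections = parse_sections(text)
    return {n: is_served(n, sections) for n in names}

if __name__ == "__main__":
    # Constructed file names, not taken from any real project tree.
    sample = ["index.php", "config.php", "settings.ini", "manifest.xml",
              "manifestAxml", "sitemap.xml", "config.php.bak", ".env"]
    for name, served in audit(sample).items():
        print(f"{name:16} {'served' if served else 'denied'}")
```

Names such as `sitemap.xml`, `config.php.bak` or `.env` fall outside the pattern, so files like these should not be kept in the `public` folder.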

Depending on the configuration and permissions of the web server your project is running on, you may need to edit or comment out the second line of the `.htaccess` file.

```apache
# modified
Options -FollowSymLinks -Indexes
# disabled
# Options +FollowSymLinks -Indexes
```

If the server configuration does not allow `.htaccess` files to change one or both of these options, Apache will throw a blocking error when the project starts.
