Hello all,
I have a question about folders accessible from web, example:
http://newsletter.example.co/classes/
http://newsletter.example.co/api/
http://newsletter.example.co/controllers/
What folders should be protected for web access?
My OJS version is 3.1.1.4
Sorry for my bad english.
thanks to everyone.
Hi @mquintanas,
All requests to OJS should go directly to the index.php wrapper, so direct access to PHP files in subdirectories shouldn’t ever be necessary. (Requests to .css files, images, etc. will be necessary.) However, it shouldn’t be necessary to protect any of these from direct access either, as they are class files and will do nothing (or generate an error) if invoked directly via the web server. See the Recommended Configuration area in docs/README.md for information on securing your deployment.
Regards,
Alec Smecher
Public Knowledge Project Team