ExponentialWorks
EXC | DEV | Documentation | Version 1.0


Protecting your PHP code

It is a good idea to isolate your code so that only the absolute minimum is reachable over HTTP. Your PHP code can still include files from the protected folder, because include reads the filesystem and does not go through Apache's request handling.

In EXC we recommend that you place your code in a folder named src. To protect this folder, add a .htaccess file inside it containing the following line:

deny from all
This prevents users from making direct HTTP requests to your files. Note that deny from all is the Apache 2.2 access-control syntax; Apache 2.4 accepts it only while mod_access_compat is loaded, and its native form is Require all denied. Either directive takes effect only if the server's AllowOverride setting permits it in .htaccess, and only when Apache is the server reading the files; a front end such as nginx does not read .htaccess at all.

.htaccess File

EXC uses a .htaccess file under Apache to add rewrite rules and a few security options.

The following is an explanation of options recommended for your .htaccess.

Security entries

Options -Indexes
Disable directory listing

Lock down files

<files app.php>
	order allow,deny
	deny from all
</files>
<files controller.*.php>
	order allow,deny
	deny from all
</files>
Disable direct access to these files; a request for any of them gets an HTTP 403 Forbidden response. The <files> directive takes a filename or a shell-style wildcard, so controller.*.php covers every controller file, and because .htaccess directives apply to subdirectories as well, the same names are protected there too. As above, order/deny is the Apache 2.2 syntax and needs AllowOverride Limit on the server side.
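The same lock-down written for Apache 2.4, as an added example and not EXC's shipped .htaccess: Require all denied is the native 2.4 form, and the <IfModule> pair keeps the 2.2 directives for servers where mod_authz_core is absent. It assumes the layout described above, with src/ next to app.php and the controller files.

```apache
# Added example. .htaccess in the application folder, next to src/, app.php
# and the controller.*.php files. On the server side this directory needs
# AllowOverride Options,AuthConfig,Limit (or All); otherwise Apache silently
# ignores every line below.
Options -Indexes

# Apache 2.4 (mod_authz_core is loaded): native syntax.
<IfModule mod_authz_core.c>
    <Files app.php>
        Require all denied
    </Files>
    <Files controller.*.php>
        Require all denied
    </Files>
</IfModule>

# Apache 2.2 (no mod_authz_core): legacy syntax, never mixed with the above.
<IfModule !mod_authz_core.c>
    <Files app.php>
        Order allow,deny
        Deny from all
    </Files>
    <Files controller.*.php>
        Order allow,deny
        Deny from all
    </Files>
</IfModule>

# src/.htaccess: a second, separate file that denies the whole code folder.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
</IfModule>
```

Check the result with a direct request, for example curl -I https://mydomain/myapp/app.php and curl -I https://mydomain/myapp/src/anything.php, both of which should return 403 while normal application URLs still work.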

Rewrite Rules

The short-hand URL rules included in the .htaccess are mainly for scenarios where one instance of EXC acts as an application server. In the more typical setting of stand-alone applications these rules may seem less useful, but we urge users to keep them in their deployments. All of them require mod_rewrite and must be preceded by RewriteEngine On in the same .htaccess (with AllowOverride FileInfo on the server side) to have any effect.

Short-Hand for the javascript and css folder

RewriteRule  ^((?:[^\/]*/)*)(a\/)([A-Za-z0-9-_\.]+\.js)$  $1/assets/js/$3 [L,QSA]
RewriteRule  ^((?:[^\/]*/)*)(a\/)([A-Za-z0-9-_\.]+\.css)$  $1/assets/css/$3 [L,QSA]
These rules let you reach files in your application's assets/js/ and assets/css/ folders through the shorthand myapp/a/script.js or myapp/a/style.css, which map to the corresponding js or css folder. The filename part of the pattern accepts only letters, digits, hyphen, underscore and dot, so only a single filename may follow a/; paths with further folders do not match.

Short-Hand for the assets folder

RewriteRule  ^((?:[^\/]*/)*)(a\/)([A-Za-z0-9-_\.]+\.[a-z]{2,3})$  $1/assets/$3 [L,QSA]
This rule lets you refer to the assets folder with a/ for other file types, for example myapp/a/afile.png maps to myapp/assets/afile.png. The extension must be two or three lowercase letters, and as with the two rules above only a single filename may follow a/, so a request such as myapp/a/myfolder/afile.png does not match. Because the js and css rules come first and carry the [L] flag, .js and .css requests are handled by them and never reach this rule.

Controller Mapping

RewriteRule  ^((?:[^\/]*/)*)(c\/)([A-Za-z0-9-_]+\.[A-Za-z0-9-_]+|[A-Za-z0-9-_]+)$  exc/loader.php [L,QSA]
This rule adds what we call a controller URL. A controller URL looks like this:

/myapp/c/main or /myapp/c/main.loadRecord

The part after /c/ is what we call the controller segment. It tells EXC that you are invoking a given action in your controller. In the first example the controller is main and no action is specified. The second example also calls the controller main but specifies the action loadRecord. A controller URL is sent to /exc/loader.php, which dispatches the request. The character class in the rule limits the segment to letters, digits, hyphen and underscore, with at most one dot between controller and action, so a segment containing a slash, a second dot or other punctuation is never routed to the loader; loader.php must still validate the segment it reads from the request before mapping it to a controller class or file.

In this rule you must make sure the path to exc/loader.php is correct for your setup. As written, the relative substitution resolves against the folder that holds the .htaccess file, so Apache looks for the folder exc next to it.

In a setup where EXC is a shared instance you may want to place this rewrite rule in a .htaccess in the same folder as the shared instance of exc. This allows for some handy URLs: for example, if the shared exc folder is placed in the folder apps of the document root, you can request:

https://mydomain/apps/myapp/c/main.start
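To see exactly which requests the rules in this section catch, here is an added example (PHP, not part of EXC) that applies the four patterns above with PCRE, in .htaccess order and stopping at the first match as the [L] flag does. It ignores the query string ([QSA] only carries it along unchanged) and models the per-directory context, where mod_rewrite matches the path relative to the folder holding the .htaccess, without a leading slash. The request paths are constructed samples, not captured traffic.

```php
<?php
// Added example (not EXC code): apply the page's mod_rewrite patterns to
// sample request paths, to show where each short-hand URL lands and which
// requests match no rule at all.
declare(strict_types=1);

/** The rules in the order the .htaccess lists them: [pattern, substitution]. */
const EXC_REWRITE_RULES = [
    ['~^((?:[^/]*/)*)(a/)([A-Za-z0-9-_\.]+\.js)$~',  '$1/assets/js/$3'],
    ['~^((?:[^/]*/)*)(a/)([A-Za-z0-9-_\.]+\.css)$~', '$1/assets/css/$3'],
    ['~^((?:[^/]*/)*)(a/)([A-Za-z0-9-_\.]+\.[a-z]{2,3})$~', '$1/assets/$3'],
    ['~^((?:[^/]*/)*)(c/)([A-Za-z0-9-_]+\.[A-Za-z0-9-_]+|[A-Za-z0-9-_]+)$~', 'exc/loader.php'],
];

/**
 * Return the substituted path of the first matching rule, or null when no
 * rule applies (Apache then serves the request path as it is). Every rule
 * carries [L], so the first match ends the pass; the early return models that.
 * $1 keeps its trailing slash, which is why asset targets contain "//";
 * Apache collapses consecutive slashes when it maps the path to a file.
 */
function exc_rewrite(string $path): ?string
{
    foreach (EXC_REWRITE_RULES as [$pattern, $substitution]) {
        if (preg_match($pattern, $path) === 1) {
            return preg_replace($pattern, $substitution, $path);
        }
    }
    return null;
}

// Constructed sample requests: the page's own examples plus the edge cases
// the prose describes (a subfolder after a/, a traversal attempt under c/).
$samples = [
    'myapp/a/script.js',          // short-hand for assets/js
    'myapp/a/style.css',          // short-hand for assets/css
    'myapp/a/afile.png',          // generic assets short-hand
    'myapp/a/myfolder/afile.css', // a folder after a/ is not allowed by the pattern
    'myapp/c/main',               // controller without action
    'myapp/c/main.loadRecord',    // controller with action
    'myapp/c/../loader.php',      // dots and slashes are outside the allowed class
];

foreach ($samples as $request) {
    printf("%-28s => %s\n", $request, exc_rewrite($request) ?? '(no rule matched)');
}
```

Run it with php on the command line. The two edge-case requests match no rule, so Apache would try to serve them as literal paths, which is exactly why the deny rules of the previous section matter for anything that lives outside assets/.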

JWT Support

RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Enable JWT support by copying the Authorization header into the HTTP_AUTHORIZATION environment variable. This is needed because Apache does not pass the Authorization header to PHP when PHP runs as CGI/FastCGI; with the rule in place the header is available to your code as $_SERVER['HTTP_AUTHORIZATION'] (or as REDIRECT_HTTP_AUTHORIZATION after an internal redirect, since Apache re-exposes environment variables with that prefix). The rule only forwards the header; verifying the token's signature and expiry remains the application's job.
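An added example (PHP, not EXC's own loader code) of reading the header that the rule above forwards and extracting the bearer token from it. The function names and the $_SERVER snapshots are constructed for illustration; the token string is a placeholder, not a signed JWT.

```php
<?php
// Added example (not EXC code): read the Authorization header forwarded by
// the env= rewrite flag and pull the bearer token out of it.
declare(strict_types=1);

/**
 * Return the raw Authorization header, or null if none was forwarded.
 * Apache re-exposes environment variables with a REDIRECT_ prefix after an
 * internal redirect (which the controller rule causes), so both names are
 * checked, in the order the unprefixed one first.
 */
function exc_authorization_header(array $server): ?string
{
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $key) {
        if (isset($server[$key]) && $server[$key] !== '') {
            return $server[$key];
        }
    }
    return null;
}

/**
 * Return the token from "Bearer <token>", or null when the header is absent
 * or is not a bearer credential. The scheme name is case-insensitive
 * (RFC 7235), and the token is restricted to the b64token characters of
 * RFC 6750, so stray whitespace or garbage never reaches the JWT library.
 * Nothing here verifies the token: signature and expiry checks belong to
 * the application, after this function has run.
 */
function exc_bearer_token(array $server): ?string
{
    $header = exc_authorization_header($server);
    if ($header === null) {
        return null;
    }
    if (preg_match('/^Bearer[ \t]+([A-Za-z0-9._~+\/=-]+)$/i', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// Constructed $_SERVER snapshots, not captured requests. The token is a
// placeholder: header {"alg":"HS256"}, payload {}, fake signature "abc".
$token    = 'eyJhbGciOiJIUzI1NiJ9.e30.abc';
$direct   = ['HTTP_AUTHORIZATION' => 'Bearer ' . $token];
$redirect = ['REDIRECT_HTTP_AUTHORIZATION' => 'bearer ' . $token];
$basic    = ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'];

var_dump(
    exc_bearer_token($direct),    // the token
    exc_bearer_token($redirect),  // the token, via the REDIRECT_ name
    exc_bearer_token($basic),     // null: not a bearer credential
    exc_bearer_token([])          // null: no header forwarded
);
```

Without the rewrite rule, both $_SERVER keys are absent under CGI/FastCGI and exc_bearer_token() returns null for every request, which is the symptom to look for when JWT authentication silently fails after a move to a new server.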

Optional entries

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example\.com(/|$) [NC]
RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|mng|MNG|svg|SVG)$ - [F]
Prevent image hot-linking: a request for an image whose Referer names a site other than your own (replace example.com with your domain) is answered with 403 Forbidden. The first condition exempts requests that carry no Referer at all, so direct visits and browsers with a strict referrer policy are not blocked; the second escapes the dot and anchors the host name, so a Referer of example.com.attacker.test does not pass. Both conditions must hold for the rule to fire. Referer is client-supplied and trivially forged, so this deters casual bandwidth theft but is not an access control.
