I'd like to know if there is a way of changing the relative document root for extra security. I'll try to explain myself through the following example:
/root
    /app
    /public
Say a www.example.com request to the web server would point to the root folder.
I was wondering if there was a configuration, for instance through an .htaccess file located in said root folder, that would make the server point to the public folder instead, therefore having any remote paths always be relative to said public folder.
In this instance, www.example.com/app would request an app folder inside of public, instead of an app folder inside of root, leaving the latter to be inaccessible from a remote url request.
In the same manner, www.example.com/public would request a public folder inside of our root public folder and so forth.
I've read various topics like this one that mention using a custom .htaccess configuration to achieve something similar, but it requires the manual configuration of the request url in said file, while my intention is for it to work without further configuration no matter where you host the application.
Another possible solution I've seen is doing a hard redirect through the .htaccess file, which does not solve anything actually.
Feel free to edit this post as I might have had a hard time trying to get my point across.
You can use this simple .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ /public/$1 [L]
</IfModule>
Any request on your server will point to the public folder.
Inside the public folder you can add an extra .htaccess file handling your site rules.
Also, you can host multiple sites on one webserver. You can combine making VirtualHosts and Alias using mod_alias mentioned before.
In this example it is supposed that you have your own server (either dedicated or VPS).
By using VirtualHosts you can tell the webserver, when you receive a request to www.example.com, to serve content from a specific folder.
An example VirtualHost for it is:
<Virtualhost *:80>
ServerName ^domain_or_ip^
DocumentRoot ^path of the public folder^
DirectoryIndex index.php home.php index.html index.htm
ErrorLog ^path for a file containing php errors^
CustomLog ^path for logging which browser and ip visited your site^ combined
</Virtualhost>
I suggest that you point your server to the public folder anyhow, as it is much more secure. You could see that all frameworks behave the same way: they all have a "public" folder where the server points to.
In the public folder you have one point of entry to your scripts, like index.php, and from this entry you will communicate with your application.
Of course you can still work the way you requested, and it will work great, but who knows, maybe you will miss something and someone could access and view your "inner" files.
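The VirtualHost approach from the answers above, written out with deny-by-default access rules, as an added example that is not part of the original posts. The /srv/example project path and the log file paths are constructed placeholders, and the FallbackResource line assumes index.php is the single entry point described above.

```apache
# Constructed layout (hypothetical paths):
#   /srv/example/app      application code, never mapped to a URL
#   /srv/example/public   the only directory the web server serves
<VirtualHost *:80>
    ServerName www.example.com

    # Weak form, for comparison: DocumentRoot "/srv/example" would make
    # both /app/... and /public/... requestable from outside.
    # Hardened form: URL "/" maps to public/, so /app resolves to
    # /srv/example/public/app and /srv/example/app has no URL at all.
    DocumentRoot "/srv/example/public"
    DirectoryIndex index.php index.html

    # Deny by default, so a later Alias or symlink mistake does not
    # silently expose a directory outside public/.
    <Directory "/">
        Require all denied
        AllowOverride None
        Options None
    </Directory>

    # Open only the public folder. With AllowOverride None, .htaccess
    # files are ignored, so the access rules cannot be loosened by a file
    # dropped into the tree.
    <Directory "/srv/example/public">
        Require all granted
        AllowOverride None
        Options None
        # Single entry point: any path that does not match an existing
        # file is handed to index.php (mod_dir).
        FallbackResource /index.php
    </Directory>

    # Constructed log locations.
    ErrorLog "/var/log/apache2/example-error.log"
    CustomLog "/var/log/apache2/example-access.log" combined
</VirtualHost>
```

Running apachectl configtest before reloading catches syntax errors in the block.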