I'm trying to figure out how Magento 2 is working. I've seen something that made me confuse.
Magento 2 have 2 possible root folder:
/path/to/magento2/index.php
/path/to/magento2/pub/index.php
One is at the absolute top level of Magento 2’s distribution folder. The second is inside the “pub” folder.
If I set base URL is either of them, magento is working perfectly.
Can anyone explain me why Magento 2 using 2 root folder like that ?
Best Answer
Using
/pub
is better, because it is more secure. Why? Because in that case most of Magento's code will live outside the public document root, so the possible attack surface is smaller. In other words, when you use the top level folder as document root, you have to make sure that various folders (such asapp
) are explicitly denied in your webserver configuration.That said, not everybody can configure the document root, so Magento provided a top level
index.php
for compatibility.