i developed a website in laravel but problem is if someone know the name of files he can directly access that files of website which i don't want
JobScholar
app
Exceptions
Http
Mail
Models
Permission.php
Providers -
Role.php
User.php
.env
etc etc
application is working fine but what i want if user type
http://localhost:8080/JobScholar/app/
or
http://localhost:8080/JobScholar/User.php/
he should rediret to home controller or see an error message
my .htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
Options -Indexes
ErrorDocument 403 http://localhost:8080/JobScholar/index
Options +FollowSymLinks
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /JobScholar/$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
## Don't listing directory
#Options -Indexes
#
## Follow symbolic links
#
#
## Default handler
#DirectoryIndex index.php
i don't want the user to access any of the file or directory the only directory and files he can see are only those whose routes are defines
Laravel basic flow is that ALL the requests go through index.php file in public folder. So you have to make sure your server points all the request to that folder so index.php can serve and take care of the rest.
Quick fix is to create vHost file(assuming you're not on shared host).
Here's a sample:
<VirtualHost *:80>
ServerName www.site.com
ServerAlias site.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/site_name/public
<Directory /var/www/html/site_name/public>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
On apache server it will go in:
/etc/apache2/sites-available/
Then enable the site a2ensite site_name.conf
Finally point your site to server IP in /etc/hosts like so: 127.0.0.45 site.com
Also be sure to enable mod rewrite using a2enmod rewrite so .htaccess provided by Laravel can make required rewrites to the URL.
Finally restart apache: service apache2 restart
Related
I created an Laravel API.
First, it was using HTTP, I needed to change it to use https.
So I created an account on Cloudflare and since then when I go to my API endpoints:
GET: https://www.traapp.tk/api/data/20190809 it gives a 404:
Not Found
The requested URL /api/data/20190809 was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to
use an ErrorDocument to handle the request.
I also have a POST request and that returns a 404 to.
.htacces
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
api.php
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
Route::get('data/{date}', 'MainController#index');
Route::post('route', 'MainController#getAllRoutesOfACertainDay');
MainController
public function index ($date) {
$responseServer = json_decode($this->makeRequest(str_replace('DATE', $date, env('BASE_URL') . env('SCHEDULES'))),true);
return $this->respond($responseServer);
}
I tried solutions like these:
Force Laravel to use HTTPS version
How to implement HTTPS in laravel 5.4
That's a 404 from your Web server not from your laravel. I guess you forgot to change the declared port in your Vhost configuration from 80 to 443.
Cloudflare example:
<VirtualHost *:443>
ServerName.....
First try to enter to GET routes, if you have 403 or 404, the problem is the nginx configuration, look the log, and if the problem is the doesn't find index.html in public_html is the root configuration of your nginx or apache2
Apache 2 has te config in the /etc/apache2/sites-enabled/ and your-domain.conf when you activate ssl in your site the problem can be, that the site generates another conf file, like your-domain.ssl.conf and this file looks like
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin info#domain.com
DocumentRoot /home/admin/web/domain.com/public_html/public <----- here is the change
ScriptAlias /cgi-bin/ /home/admin/web/pdomain.com/cgi-bin/
Alias /vstats/ /home/admin/web/domain.com/stats/
Alias /error/ /home/admin/web/domain.com/document_errors/
#SuexecUserGroup admin admin
CustomLog /var/log/apache2/domains/domain.com.bytes bytes
CustomLog /var/log/apache2/domains/domain.com.log combined
ErrorLog /var/log/apache2/domains/domain.com.error.log
<Directory /home/admin/web/domain.com/public_html>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir /home/admin/web/domain.com/public_html:/home/admin/tmp
php_admin_value upload_tmp_dir /home/admin/tmp
php_admin_value session.save_path /home/admin/tmp
</Directory>
<Directory /home/admin/web/domain.com/stats>
AllowOverride All
</Directory>
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /home/admin/conf/web/ssl.domain.com.crt
SSLCertificateKeyFile /home/admin/conf/web/ssl.domain.com.key
SSLCertificateChainFile /home/admin/conf/web/ssl.domain.com.ca
<IfModule mod_ruid2.c>
RMode config
RUidGid admin admin
RGroups www-data
</IfModule>
<IfModule itk.c>
AssignUserID admin admin
</IfModule>
IncludeOptional /home/admin/conf/web/sapache2.domain.com.conf*
I've a website lets say website.fr ( on server : /web/website ) ;
I ve added a symfony blog app in /web/website/blog/.
I dont manage to access the blog via website.fr/blog/ (404 error)
There is a .htaccess file in /web/website/blog/ directory, and one in /web/website/blog/web directory.
I am used to deploy symfony apps 'alone' on a server, and make the domain point to the web dir of the app, and everything always works fine, but in this configuration, I cant get it to work.
I have tried to use the following .htaccess conf under /web/website/blog/ :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ web/$1 [QSA,L]
</IfModule>
And I did not edit the default one under /web/website/blog/web/
Im not sure what Im doing wrong, so any help would be appreciated !
For me I use .. nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName domain.tld
ServerAlias www.domain.tld
DocumentRoot /var/www/project/web
<Directory /var/www/project/web>
AllowOverride All
Order Allow,Deny
Allow from All
</Directory>
# uncomment the following lines if you install assets as symlinks
# or run into problems when compiling LESS/Sass/CoffeeScript assets
# <Directory /var/www/project>
# Options FollowSymlinks
# </Directory>
ErrorLog /var/log/apache2/project_error.log
CustomLog /var/log/apache2/project_access.log combined
</VirtualHost>
which is explained Here and restart Apache, but I do not know if I understand your problem
I couldn't get what I wanted, but here is the solution I implemented :
I created a .htaccess in /web/website dir, that rewrites all requests to /web/website/blog, with the root (/) excluded from this rewriting :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ blog/web/$1 [QSA,L]
</IfModule>
That's not the way I wanted to get my rewriting, but I have the result I expected ; note that it would not be a good solution for a website that would evolve with new modules, routes, folders...
I have deployed an application to an apache server and it works fine, well only the homepage. As soon as I try to go to a route I get the Not found error in my request log I see GET /users 404
My virtual host file:
<VirtualHost *:80>
SetEnv ENVPHP acc
ServerName someurlblabla.com
DocumentRoot "/var/www/html/projectname/public"
<Directory "/var/www/html/projectname/public">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from All
</Directory>
</VirtualHost>
The .htaccess file is just the default laravel one with apache being able to access and read it.
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
I'm a bit lost since I don't get any errors in my log and I have no idea what is going on.
what's about this:
<VirtualHost *:80>
SetEnv ENVPHP acc
ServerName someurlblabla.com
DocumentRoot "/var/www/html/projectname/public"
<Directory "/var/www/html/projectname">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from All
</Directory>
</VirtualHost>
Probably you don't wanna hear this, but switching to Nginx will solve a lot of these problems , and your site will run faster. That's why Laravel Valet uses Nginx.
i am very new to laravel. i've tried following solution to remove '.public/index.php' from Laravel url.
i have one htaccess file on root and other in public folder.
in root file i've written
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
and in public folder's htaccess file i wrote
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
but nothing worked.
still it opens list of directories in laravel
all i want is to convert my url www.abc.com/public/index.php into www.abc.com/ without removing files from public folder to some other folder type solution.
You simply need to fix your Document root and the Directory override rule within your sites .conf file.
On Ubuntu you will find this in /etc/apache2/sites-available
Your file should look something like this:
<VirtualHost *:80>
ServerName xxx.com
ServerAlias www.xxx.com
ServerAdmin xxx#xxx.com
DocumentRoot /var/www/html/laravel/public/ //<<< add public to your document root
<Directory "/var/www/html/laravel/public"> ## <<< add the override rule if not exists
AllowOverride all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Your laravel app should not be in the document root in any case, as you would allow anybody to access it!
SIDENOTE:
If you are using plesk or c-panel, you can edit the document root within the domain settings.
In your Apache configuration, set the document root to /yourapp/public -- this is meant to be the root web accessible folder; you're opening yourself up to access you may not want if the webroot is anything other than Laravel's public folder.
Am new to laravel, I have install laravel using composer in my linux server, the problem is I couldn't able to access the domainname.com but domainname.com/public/ then only I can able to access the page. Kindly suggest me how to access the site with domainname.com/ instead of domainname.com/public/
Am running in shared hosting so there multiple domain name with folders are available as well.
First, make sure that your rewrite module is enabled. In your case, share hosting providers often enable it for you.
Second, create an .htaccess file in your home folder (the folder contains artisan file) with this content.
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
# For all files not found in the file system, reroute the request to the
# "index.php" front controller, keeping the query string intact
<IfModule mod_rewrite.c>
RewriteCond $1 !^(public)
RewriteRule ^(.*)$ /public/$1 [L]
</IfModule>
You need to add a <VirtualHost> in your Apache configuration:
<VirtualHost *:80>
ServerAdmin admin#localhost
DocumentRoot /path/to/your/laravel/public
ServerName your.domain.com
<Directory /path/to/your/laravel/public>
AllowOverride None
Order allow,deny
Allow from All
Options FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</Directory>
</VirtualHost>
Then you can access your Laravel site as:
http://your.domain.com/