Ganesh Patil

Reputation: 68

Laravel - prevent file access outside of public while deployment is in subfolder

I am relatively new to Laravel, so pardon me if it is a bad practice. I have a GoDaddy domain, let's say example.com, which is pointed to my EC2 instance. I have 2 projects, the example.com website and Admin, so my folder structure is

I wanted to point example.com to /website, so I managed that from the virtual host like below

<VirtualHost *:443>
  ServerName example.com
  DocumentRoot "/var/www/html/website"
</VirtualHost>

This works as expected.

Now I wanted to access the admin panel by example.com/admin.
For that, I created a symlink in /website named admin which points to the /admin folder.
With the above approach, I can access admin using example.com/admin/public, which is as per my expectation as all users are already using the /public URL.
Now the problem is that when I access example.com/admin/ without public, it shows all the files outside of public, and I can also see the .env file using the URL. How can I avoid this?

Upvotes: 0

Views: 1001

Answers (2)

Ganesh Patil

Reputation: 68

Well, I found a good solution.
First, I added an .htaccess file with the following lines

RewriteEngine On 
RewriteRule ^ public [L]

This redirected everything to /public

Second, for extra security, I restricted access to .env file using

<Files .env>
order allow,deny
Deny from all
</Files>

Still, I would like to have some suggestions, if any. Thank you.

Upvotes: 0

Hari Darshan

Reputation: 1920

In the virtual host configuration, restrict listing via the Options directive

DocumentRoot "/var/www/html/website"
<Directory "/var/www/html/website">
    Options -Indexes +FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Furthermore, in the virtual host configuration, you can restrict individual files from public access as well, like this

<Files composer.json>
    <IfVersion < 2.4>
        order allow,deny
        deny from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all denied
    </IfVersion>
</Files>

<Files .env>
    <IfVersion < 2.4>
        order allow,deny
        deny from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all denied
    </IfVersion>
</Files>

Upvotes: 1
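A way to audit the layout from the question, as an added example that is not part of either answer: the script walks a DocumentRoot, following symlinks as Apache does with `+FollowSymLinks`, and lists the URL paths that resolve to `.env` or `composer.json` on disk. The helper names and the temporary sample tree are constructed for illustration.

```python
import os
import tempfile

# File names the answers above deny access to; extend as needed.
SENSITIVE = {".env", "composer.json"}

def find_exposed(docroot):
    """Return sorted URL paths under docroot that resolve to sensitive files.

    Symlinked directories are followed; real paths already visited are
    skipped so a symlink loop cannot recurse forever.
    """
    exposed, seen = [], set()
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=True):
        real = os.path.realpath(dirpath)
        if real in seen:
            dirnames[:] = []  # already walked: do not descend again
            continue
        seen.add(real)
        for name in filenames:
            if name in SENSITIVE:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                exposed.append("/" + rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_tree(base):
    """Constructed layout mirroring the question: website/ is the DocumentRoot
    and website/admin is a symlink to the Laravel project root admin/."""
    website = os.path.join(base, "website")
    admin = os.path.join(base, "admin")
    os.makedirs(website)
    os.makedirs(os.path.join(admin, "public"))
    for rel in (".env", "composer.json", "public/index.php"):
        with open(os.path.join(admin, rel), "w") as fh:
            fh.write("constructed sample\n")
    with open(os.path.join(website, "index.html"), "w") as fh:
        fh.write("constructed sample\n")
    os.symlink(admin, os.path.join(website, "admin"))
    return website, admin

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        website, _ = build_sample_tree(base)
        for url_path in find_exposed(website):
            print("reachable under DocumentRoot:", url_path)
```

The script checks only what is reachable on disk under the DocumentRoot; it does not evaluate `<Files>` or rewrite rules, so each hit is a path that needs a deny rule or a layout change.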
