I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json
How to avoid that direct access?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
You\'re using wrong web server configuration. Point your web server to a public directory and restart it.
For Apache you can use these directives:
DocumentRoot \"/path_to_laravel_project/public\"
<Directory \"/path_to_laravel_project/public\">
For nginx, you should change this line:
root /path_to_laravel_project/public;
After doing that, all Laravel files will not be accessible from browser anymore.
回答2:
That is incorrect. composer.json sits outside of the public directory and therefore should not be accessible. This means that your VirtualHost configuration is incorrect.
Please make sure that your path to your directory ends with /public.
回答3:
Point the web server to the public directory in the project\'s root folder
project root folder/public
but if you don\'t have the public folder and you are already pointing to the root folder, you can deny access by writing the following code in .htaccess file.
<Files \".env\">
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
in the above code, first we are denying from all and allowing only from the own server (localhost to the server) to get executed, and hence we can protect it from outside users.
回答4:
Set Your document root as public directory, so other files will not be accessible directly. Look for it in Your apache/nginx/??? configuration files.
回答5:
It depends on the webserver your running. With Apache it would be .htaccess files whereas with Nginx it would be handled in the server configuration file.
回答6:
You Can Deny files in .htaccess too.
<Files \"composer.json\">
Order Allow,Deny
Deny from all
</Files>
回答7:
With Apache, you can create .htaccess file in the root directory of Laravel project to rewrite all requests to public/ directory.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
回答8:
Point your web server to a public directory and restart it.
For Apache you can use these directives:
DocumentRoot \"/path_to_laravel_project/public\"
<Directory \"/path_to_laravel_project/public\">
Also You Can Deny files in .htaccess too.
<Files \"composer.json\">
Order Allow,Deny
Deny from all
</Files>
for multiple files you can add above files tag multiple times in .htaccess files.
回答9:
simply create blank
index.php
file in config directory , and write message in file as you like to inform acccessor user
ex. access forbindon by server
回答10:
For apache 2.4 or greater use
<Files \"web.config\">
Require all denied
</Files>
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 只靠听说 的文章《How to hide config files from direct access?》','https://www.manongdao.com/article-1292.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}