Laravel: .env file showing for some domain - laravel

I made some projects on laravel with a different version like 5.0, 5.6
My .env file is placed in the root folder and .env code is visible publicly.
I use the below code for hiding the .env file in htaccess
# Hide a specific file
<Files .env>
Order allow,deny
Deny from all
</Files>
above code is working in some domain like myproject.io but not working in project.ai
Please help me
Thanks in advance


Another alternate is update your root .htaccess with the following code:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
</IfModule>


Did you try with protecting all the dot(.) files?
In nginx
# Block dot files
location ~ /. {
deny all;
}
Apache
<FilesMatch "^\.">
Order allow,deny
Deny from all
</FilesMatch>

Related

PHP - Error 404 after choose dropdown list

404 Error
I got this error when choose data from dropdown list. Below is my .htaccess file
I have go through my codes but did not find what's wrong. Can anyone help me how to debug in php? I am using Wamp server.
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteBase /
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Allow asset folders through
RewriteRule ^(fuel/modules/(.+)?/assets/(.+)) - [L]
# Protect application and system files from being viewed
RewriteRule ^(fuel/install/.+|fuel/crons/.+|fuel/data_backup/.+|fuel/codeigniter/.+|fuel/modules/.+|fuel/application/.+|\.git.+) - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]
</IfModule>
Options -Indexes

Laravel: How to configure api.php routes for shared hosting?

I have the following .htaccess fille:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
#disable directory browsing
Options -Indexes
#PROTECT ENV FILE
<Files .env>
order allow,deny
Deny from all
</Files>
#PROTECT ENV FILE
<Files .htaccess>
order allow,deny
Deny from all
</Files>
But the problem is I get a 404 status code in my production environment when trying to load "getservicedata" from a vue.js component. I think the problem is in the URL because it works when I type in the correct url, but the problem is the app loads the API from wrong URL.
I followed this guide to setup laravel shared hosting: https://laravelarticle.com/deploy-laravel-on-shared-hosting

how to config Laravel 6 in subfolder domain?

I have a Laravel 6 app which is working fine locally on redhat apache.
my client setting the domain and must using /abc ater the domain
i.e domain.or/abc
i put my root folder into /var/www/abc/
In config/app.php I have
'url' => 'h t t ps :// domain.or/abc',
In pfi/public/.htaccess I have
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase /abc
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I can access domain.or/abc and the page loads (without styles, images, ...). But all the other links to pages, images, css, js, ... are wrong. For example, they link to
domain.or/css/style.css
instead of linking to
domain.or/PFI/css/style.css
i.e., "PFI" is missing from all the links.
If I go to
domain.or/abc/login
i got 403 error, but if domain.or/login, page load without css,js
and if i open css,js file manually by copy the link to the new tab
i.e domain.or/abc/css/style.css the css dont load, it only show the main page instead of css scripts

in order to fix this issue:
ensure that inside .env file APP_URL=https://domain.or/PFI
ensure the same for config/app.php file 'url' => env('APP_URL', 'https://domain.or/PFI'),
edit your public/index.php you have to change the path of these to line to be consistent with the actual path
$app = require_once __DIR__.'/../path_to_public_folder/bootstrap/app.php';
require __DIR__.'/../path_to_public_folder/vendor/autoload.php';
in .htaccess
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Redirect http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
<IfModule mod_headers.c>
# Prevent click jacking
Header set X-Frame-Options Deny
Header set X-Frame-Options: SAMEORIGIN
</IfModule>
</IfModule>

I got the answer
The changes i did:(my apps folder is laravel)
create folder on /var/www/ same with ur subfolder domain, sudo mkdir PFI
Create softlink: ln -s /var/www/laravel/public /var/www/PFI
Update httpd.conf
<VirtualHost *:80>
ServerName xxxx
DocumentRoot /var/www/PFI
Redirect permanent / https://xxx/PFI
<Directory /var/www/laravel/public>
AllowOverride All
</Directory>
</VirtualHost>
<VirtualHost _default_:443>
ServerName XXX
DocumentRoot /var/www/PFI
</VirtualHost>
update on my layouts with
and all my css,js change to <href ="css/style.css">

Image not loading from custome-directory of public directory at Laravel 6

I am storing all of image at custom directory at laravel project root folder.
Custom directory means i have created new folder like "upload_files" at root directory.
whenever i am calling any files from this directory url be like "http://domainName.com/upload_files/folderName/fileName.jpg
But it's loading at web view.
Note : Image are loading from public directory.
Here is my .htaccess file code below
Note : I created new .htaccess file at root directory instead public folder .htaccess both file are exisiting at the project
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
</IfModule>
# Deny index view Options -Indexes
# Deny view a specific file <Files .env> Order allow,deny Deny from all </Files>

Before these lines
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
Try to add this
RewriteCond $1 !^(upload_files)
This will allow access to upload_files
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^$1 [N]
RewriteCond $1 !^(upload_files)
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
</IfModule>
# Deny index view Options -Indexes
# Deny view a specific file <Files .env> Order allow,deny Deny from all </Files>
this should fix the problem
RewriteRule ^(.*)$ public/$1
means all your request going to the public folder. so here are we are excluding the request for the upload_files
RewriteCond $1 !^(upload_files)

How to deploy Laravel Project on Google Cloud Virtual Machine?

I'm trying to deploy my Laravel project on Google Cloud VM, it did directing to my index.php file but it supposed to routing to the controller instead of showing the index.php code line.
Here is the result
Then i try to change the .htaccess file like the code below:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
#I'm adding this code
RewriteRule ^(.*)$ public/$1 [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
And here is the result
After that i remove that line and try to change all the 'AllowOverride None' lines to 'AllowOverride All' inside of apache2.conf file, then remove the lines that prevent .htaccess and .htpasswd files from being viewed by Web clients:
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
But the result is still same like the first result
And then i'm trying to add this line:
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
inside of apache2.conf file but then again the result is still same like the first result
I already install Composer inside of the project but it still not working.
Thank you.
P.S: Sorry for my bad English.

Resources