I've got a question.
the admin and employee can upload stuff into /public/files/uploads/
and the customers are only allowed to see a part of the files in uploads.
but when I login as customer and visit: /public/files/uploads/
I can open and view every file.
I would like to know how to protect this from customers, like when they try to open /public/files/uploads/ they redirect back to the home view.
This would need some sort of .htaccess but I can't seem to figure out how to get it working.
Any help would be appreciated.
Thanks in advance.
Try to put an empty index.html file in this folder.
Also, are your normal URLs contain public? If so, you have wrong web server configuration and you should point your web server (Apache, Nginx) to a public directory instead of Laravel project's root folder.
Related
I have uploaded my Laravel app unto a directory under the public folder on my domain,
html_docs/public/store
where 'store' is the folder of my Laravel App. My main domain pointed at 'html_docs/public', please check my laravel app here "https://www.dinhi.org/store/". As you can see, when you click the "sell with us" or "login" on the top header, it returns
Not Found
The requested URL /store/dashboard/login was not found on this server.
I have set up to in my '.env' and in my 'config/app.php' the right url like "https://www.dinhi.org/store/" but still not working, any ideas, help please?
PS: I'm on Laravel 5.3 and I'm using Hesto Multi Auth. In my local, this issue does not exist like everything is good and working.
Laravel is not meant to be installed completely into the document root of your server. Actually, every folder of your laravel application except the public folder should be inaccessible from the web.
Your exposing yourself to a security risk here, since everybody could access every file of your app, including potential .env files with database credentials and the likes.
Cheers
Christoph
I am trying to create a test environment for a Magento site. I downloaded all the files and the database and restored to XAMPP. I changed the two base urls in the core_config_data table to http://magento.local/magento/ and modified the Magento config file to connect to the local database. I also added magento.local in the hosts file. I'm using magento.local as I read Magento must have a . in the domain name. The site almost works except on the front end when on http://magento.local/magento/ and try and go to a different page it tries to access http://magento.local/pagename/ and gives a 404 error, i can access through http://magento.local/magento/index.php/pagename. I have also disabled Web Server Rewrites in the backend as I read that is supposed to fix this problem. Any suggestions much appreciated.
Thanks
Alex
I developed a site in codeigniter with basic functionality now i want to update this site to my live server. But when i uploaded my site to live server it shows 404 - PAGE NOT FOUND.
http://www.nawtist.com/test/ams/
Please tell me what do i need to do. I searched a lot about this but i didn't found any helpful information. So is there any base_url or anything else that i need to change before upload this on live server really appreciate
And remember, many servers are case-sensitive and with CodeIgniter v3 you should change the controller's first letter file and model's first letter file to upper case. That worked for me too.
Best
You have problem with your htaccess file or mod_rewrite is disable on that server.
When you go to page with index.php it works (although css file doesn't work because of bad routing)
also check if $config['index_page']=''; if it should work without index.php
I had the same problem times ago and there are 4 points in codeigniter to care about as I remember:
Check base_url value in your "config.php"
Check database settings in "database.php"
Check .htaccess file contents if you have defined it once
Check routes.php if you have defined any custom routes
That's all!
If you are facing 404 page not found in Codeigniter after upload file local to live server then follow these steps
change your controller and file name first letter capital
same change as above in model class and file name i.e first letter capital
After following steps above your problem can be solve Thank you.
By default Joomla admin URL is yoursitename/administrator. How can I change this for Joomla 1.5 so that it doesn't affect my modules and components or any other thing on the backend.
I don't think that would be a good idea, because some links to '/administator' in modules/components are hardcoded (static), so you better should use some of these plugins http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection or just try something with .htaccess (ask for password, IP filtering etc...)
Install the jSecure Authentication plugin.
Every Joomla back-end has the same URL. If you install a security plugin, you can add a suffix to your back-end URL to make it look like this: http://www.yoursite.com/administrator?helloworld
If the URL is not entered with a correct suffix, the site will redirect to a 404 (not found) page. Change the suffix regularly.
I use the changeadmin component to kind of hide the admin url:
http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/14666
Here is a Simple Step(And it's not a correct method but it works for me),
Just Create a new folder in your root directory.
create index.php (or some other name) in that folder, and add the following code
$admin_cookie_code="2145446497812";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: ../administrator/index.php");
Then add the following code inside administrator/index.php . Please make sure to add this immediately after opening the PHP tag.
if($_COOKIE['JoomlaAdminSession']!= "159753987456321")
{
header('Location:../index.php');
}
Then try to access the administrator login by typing your root_joomla_address/new_folder_name. Then it will automatically redirect to your admin page. If you tried to access the default admin login page directly then it will redirect to the Joomla home page.
Hope this will works. I don't claim this a correct procedure. But if you looking to avoid a plugin, then this hack will help you.
with simple step you can restrict to access your administrator login page
Follow bellow steps:
before going through all steps first find your id address from this link www.whatismyip.com
Create a .htaccess file in administrator folder.
Now write following code in .htaccess file
<Limit GET POST> deny,allow deny from all allow from 192.168.0.1</Limit>
3.Now write your own ip instead of 192.168.0.1
4.Finally save the file and try to access your administrator page from your ip and different ip.
Hope it'll help. Thanks.
I want to prevent users access for my "~/Content/..." folder I wrote it as follow in "Global.asax.cs" and put this line of code at the top of every other routes
routes.IgnoreRoute("Content/{*pathInfo}");
but it does not work. in fact user can see every files in content folder by type the URL in browser.
am I missing something?
How did you figure out that it does not work? Give example.
You may have put it last in the Routing table. So try to move it up so that it gets added to the routing table first. The route collection is an ordered list of routes.
Also try this : Routes.IgnoreRoute("Content/");, but your version of ignore is also correct and it should work.
Lastly, I do not know what you mean when you say the user can see all the contents of the Content folder : Isn't that the point? User must be able to download files from the folder, and we usually just need MVC to ignore the requests from coming into the framework, and so that IIS can directly serve those files.
or did you mean Directory browsing is enabled, and you want to disable that : In that case go to IIS manager, and select your website and look for the Directory browsing option and disable it as shown here.
Your problem cannot be solved by routing constraints. There are 3 significant steps in processing request:
IIS got request.
IIS watch at filesystem and search for direct correspondence to file
If IIS didn't found any file - it gives request to ASP.NET MVC for processing.
So, you need to configure folder security to forbidden direct access to files, but allow access to application, as here.
But I don't recommend to secure folder, that should be shared. I don't believe that your site shouldn't have images to display :) If you have some secured content, you need to create another folder.