Developing an API using laravel.
Getting 403 Forbidden on PUT request.
Works on a remote server but not locally. Using MAMP for the local server.
Here is my virtual host, I don't see anything off.
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot "/Users/dg/Documents/Websites/domain.com/public_html/dev/public_html"
ServerName domain.local
ServerAlias www.domain.local
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
ErrorLog "/Users/dg/Documents/Websites/domain.com/public_html/dev/error_log"
CustomLog "/Users/dg/Documents/Websites/domain.com/public_html/dev/access_log" common
</VirtualHost>
I've looked at other similar questions on SO but no solution yet.
Found the solution here: https://serverfault.com/questions/275512/put-request-results-in-403-forbidden-need-apache-to-allow-put-requests
Added the following to .htaccess at the document root:
<Limit GET POST PUT DELETE HEAD OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST PUT DELETE HEAD OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
According to #drack's answer I edit my .htaccess using this code:
<Limit GET POST PUT OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST PUT OPTIONS>
Require all denied
</LimitExcept>
My complete .htaccess file is:
Header add Access-Control-Allow-Origin: "*"
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header add Access-Control-Allow-Headers: "Content-Type"
<Limit GET POST PUT OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST PUT OPTIONS>
Require all denied
</LimitExcept>
# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
# END WordPress
And 403 error goes away in put request.
In my vhosts file I put:
RewriteCond %{REQUEST_METHOD} !^(HEAD|GET|POST|PUT)$ [NC]
This allowed it for me. I tried all of the other solutions and nothing worked but this.
Related
The title says everything. It's a laravel setup running on apache. I have full root terminal access. Managed to wreck the permissions and now the app just shows the 'Forbidden' message for the /authenticate/token route.
Tried all different kinds of permission arrangements for directories and files. Confirmed ownership by apache and tried ownership by sudo user on selective files too. Disabled selinux as well
Don't remember how but something gave me a hint that the problem might have something to do with the session files in /storage/frameworks/sessions.
Weird bit, sometimes the app magically loads, but most times it doesn't.
Help?
EDIT: Made a mistake while checking details. The route for which the Forbidden message comes is "https://[domain]/?host=[...]&shop=[...]&token=[...]". The route I mentioned above is actually the referring URL.
EDIT:
.htaccess from /public folder
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Error Screen in Shopify Admin (Dev Store)
Laravel Error Log: Clean
Apache Error Log: "[evasive20:error] client denied by server configuration: /var/www/[laravel-folder]/public/, referrer [same path as the previous edit]"
EDIT: Apache server/vhost config:-
<VirtualHost *:80> //don't worry about this, after routing through ngrok's tunnel it comes out as https
ServerAdmin [email]
ServerName [url]
DocumentRoot /var/www/contact-us/public
<Directory /var/www/contact-us/public>
Options Indexes FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
firstly you try this:
php artisan storage:link
And make sure that you have all of the folders in your
storage/framework:
sessions
views
cache
I am deploy Laravel on ubuntu 18.04 apache to production with SSL certificate.
When i open the web on server's browser with https (i.e https ://example.co), the web open perfectly with valid certificate.
But when i open on other PC (with different network) using https://example.co, i got this error
This site can’t be reached
Check DNS_PROBE_FINISHED_NXDOMAIN
but if i use http://www.example.co on other PC (with different network), the web is ok and can working.
here is my conf in /etc/apache2/site-enabled/laravel.conf
<VirtualHost *:443>
ServerName 10.xx.x.xxx
ServerAlias www.example.co
DocumentRoot /var/www/laravel/public
SSLEngine On
SSLCertificateFile "/etc/ssl/certs/domain.crt"
SSLCertificateKeyFile "/etc/ssl/private/domain.key"
SSLCertificateChainFile "/etc/ssl/certs/intermediate.crt"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<Directory /var/www/laravel/public>
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName 10.x.xx.xxx
DocumentRoot /var/www/laravel/public
<Directory /var/www/laravel>
AllowOverride All
</Directory>
</VirtualHost>
here is my .htaccess on /laravel/public/.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
.env
APP_DEBUG=false
APP_URL=https://example.co
is there configuration that i've missing?
I have Laravel 6.4 installed on ubuntu 18.04 with php 7.2 and apache2. I have built a case study to develop an api and when I execute the php artisan serve command and use postman to do the query everything works fine. But if I create a virtualhost, I can see the website without problems, however, when executing a query through the postman I get the 404 error.
The .htaccess file is the one that brings by default laravel:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
and my virtualhost is the following:
<VirtualHost test-api.local:80>
ServerName test-api.local
DocumentRoot /var/www/html/restlav/public
DirectoryIndex index.php
ErrorLog ${APACHE_LOG_DIR}/test-api.local-error.log
CustomLog ${APACHE_LOG_DIR}/test-api.local-access.log combined
<Directory "/var/www/html/restlav">
Options +FollowSymLinks
RewriteEngine On
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
I have already tried to make the changes that are suggested in the official documentation and nothing. The rewrite module is enabled. If anyone could help me I appreciate it in advance.
In the <Directory> section you need to set AllowOverride to All:
<VirtualHost test-api.local:80>
ServerName test-api.local
DocumentRoot /var/www/html/restlav/public
DirectoryIndex index.php
ErrorLog ${APACHE_LOG_DIR}/test-api.local-error.log
CustomLog ${APACHE_LOG_DIR}/test-api.local-access.log combined
<Directory "/var/www/html/restlav">
Options +FollowSymLinks
RewriteEngine On
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Also make sure to enable the rewrite module in the apache server:
$ sudo a2enmod rewrite
And don't forget to finally restart the apache server to make the changes come into effect:
$ sudo systemctl restart apache2
I have Magento installed on my site at mydomain.com/magento. I'm happy with it to stay in this directory, however when people visit the site directly (i.e. mydomain.com) I would like this to open the Magento folder. How can I do this?
Thank you very much.
You have to make your server redirect "mydomain.com" to the directory you have installed Magento at. If you are using apache you could add a virtualhost like the one below to your httpd.conf:
<VirtualHost *:80>
ServerName mydomain.com
DocumentRoot "/yourpath/magento"
CustomLog "/tmp/access_log" common
LogLevel debug
ErrorLog "/tmp/error.log"
<Directory "/yourpath/magento">
Options FollowSymLinks Multiviews Indexes
MultiviewsMatch Any
# Rewrites to allow links
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# We are not allowing any directive contained in a .htaccess file
AllowOverride None
# We grant all permissions
Require all granted
</Directory>
Disclaimer - I'm a total newb when it comes to this. Inherited this issue.
I just installed the SSL certificate to our website. Install seems to have gone fine. Whenever I try to access a page via https I receive a 310 - Too many redirects error. I suspect this has something to do with how my virtual host is setup but I don't know enough about what I am looking at.
Here is the code from the SSL virtual host
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile "/path/file.crt"
SSLCertificateKeyFile "/path/file.key"
SSLCertificateChainFile "/path/file.crt"
ServerAdmin admins#email.com
ServerName domain.com
DocumentRoot /var/www/domain.com/www
<Directory /var/www/domain.com/www>
SSLRequireSSL
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^labs$ http://www.mdlabtests.com/ [L]
RewriteRule ^imaging$ http://prepaidimaging.com/ [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([0-9a-zA-Z]*)$ /index.php?aid=$1 [L]
</Directory>
ErrorLog /path/file.log
TransferLog /path/file.log
LogLevel warn
Alias /comp /var/www/domain.com/www/comp.php
<Location /card>
DirectoryIndex create_card.php
</Location>
php_admin_value session.cookie_domain "domain.com"
php_admin_flag session.cookie_secure off
php_admin_value open_basedir "/var/www/domain.com/:/var/www/sub_dir/cg/:/usr/share/php/"
php_value include_path ".:/var/www/domain.com/includes:/usr/share/php"
php_admin_flag file_uploads off
The page I am trying to access is https://domain.com/enrollment.php
Any ideas?
Or do you have an .htaccess file lurking on your filesystem?