Asked  7 Months ago    Answers:  5   Viewed   32 times

I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json

How to avoid that direct access?

 Answers

95

You're using wrong web server configuration. Point your web server to a public directory and restart it.

For Apache you can use these directives:

DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">

For nginx, you should change this line:

root /path_to_laravel_project/public;

After doing that, all Laravel files will not be accessible from browser anymore.

Wednesday, March 31, 2021
 
RenegadeAndy
answered 7 Months ago
62

The problem is that your .htaccess is rewriting everything to the frontcontroller, which is normally located at {host}/index.php. In your application however it is located at {host}/quotes/public/index.php.

So you have 2 options:

1. virtual host
Set up a virtual host in your XAMPP Apache that points ie. myapp.local to htdocs/quotes/public Here is an example of how to achieve this: how to create virtual host on XAMPP. (Don't forget to add the host to your hosts file and have it point to your local macine on 127.0.0.1) You can then access your application on myapp.local/whatever-route-you-define. Alternatively you forget about XAMMP and install the homestead virtual machine, which comes preconfigured for this.

2. rewrite rule
Change you rewrite rule to rewrite all requests to quotes/public/index.php in stead of index.php. I'm no htaccess expert, but I believe it should be as simple as changing this:

RewriteRule ^ index.php [L]

to this:

RewriteRule ^ quotes/public/index.php [L]

Do note that you'll still need to access your application trough localhost/quotes/public/whatever-route-you-define which is not ideal imo. Your dev version should be as close to your live version as possible, and if you start working with absolute and relative paths and stuff in your code things will become a mess sooner rather then later.


Personally I would go for Homestead, I use it all the time and it works great once you have it running.

Btw, the reason why localhost/quotes/public/index.php is working for you right now is because RewriteCond %{REQUEST_FILENAME} !-f tells Apache not to rewrite any requests to files that actually exist (otherwise you wouldn't be able to access static assets like your css).

Wednesday, March 31, 2021
 
kensil
answered 7 Months ago
18

Have this rule in your root .htaccess:

# using THE_REQUEST make sure we match whitespace (s) 
# followed by 1+ / followed by ? or s
RewriteCond %{THE_REQUEST} s/+[?s]
RewriteCond %{HTTP_HOST} ^(?:www.)?paw.xevz.migor.eu$ [NC]
RewriteRule ^ /mainfolder/ [R=302,L]

THE_REQUEST variable represents original request received by Apache from the browser and it doesn't get overwritten after execution of other rewrite directives. Example value of this variable is GET /index.php?id=123 HTTP/1.1 or GET / HTTP/1.1

Make sure you clear your browser cache before testing this change.

Saturday, May 29, 2021
 
Pradip
answered 5 Months ago
24

You can just inject it

class MyDirective {
  constructor(private host:MyComponent) {}

A severe limitation is, that you need to know the type of the component in advance.

See also https://github.com/angular/angular/issues/8277
It also provides some workarounds for when you don't know the type in advance.

Wednesday, July 28, 2021
 
THEK
answered 3 Months ago
16

If you don't want to use the ngClass directive (Hint: you can pass a function to [ngClass]="myClasses()" if it would be to messy inline in your template) you can just utilize the Renderer2 for it to add one or more classes:

export class CustomDirective {

   constructor(private renderer: Renderer2,
               private elementRef: ElementRef,
               service: SomService) {
   }

   addClass(className: string, element: any) {
       this.renderer.addClass(element, className);
       // or use the host element directly
       // this.renderer.addClass(this.elementRef.nativeElement, className);
   }

   removeClass(className: string, element: any) {
       this.renderer.removeClass(element, className);
   }

}
Monday, August 2, 2021
 
jenny
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :