1

I am quite new to the Laravel PHP framework. I had a project which I successfully completed, and right now it's in production (online server). But today I saw that everyone can access the base directory of the site by just adding a slash and a folder name to the search string.

For example, if someone types this:

www.mywebsite.com

The page works properly and all user access is working.

But when someone types this:

www.mywebsite.com/pages

They can access all my pages stored in the folder: all the PHP files, which are secret and must not be viewed publicly. Actually, I am storing some pages in the folder (pages).

This is a screenshot displaying files in the directory, which is not public.


I know, I am missing a small thing, but I don't know how to get that.

halfer
Hanif Formoly
  • If you're using Laravel, the only php file you should have in public is index.php. Other than that, you're supposed to use routes, controllers, and views. – Devon Bessemer Jan 04 '17 at 17:35
  • Possible duplicate of [Deny access to one specific folder in .htaccess](http://stackoverflow.com/questions/19118482/deny-access-to-one-specific-folder-in-htaccess) – Devon Bessemer Jan 04 '17 at 17:35
  • What's in your `public/.htaccess`? – martindilling Jan 04 '17 at 17:40
  • This is my public/.htaccess content:

    ```
    Options -MultiViews
    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    ```

    – Hanif Formoly Jan 04 '17 at 20:24

2 Answers

1

Put a 404.blade.php file in your resource/views/errors folder

If it does not work, then stop Auto Directory Index from your hosting.

You can try this .htaccess to prevent Auto Index

```
IndexIgnore *
```

I hope it will work

Hossain Azad
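An added example, not part of the thread: a small audit of a Laravel-style `public/` directory that checks the two things raised above, namely whether any PHP file other than `public/index.php` sits under the web root, and whether `public/.htaccess` turns off Apache's automatic listing with `Options -Indexes` (the `.htaccess` posted in the comments does not). The sample tree, its file names and the `INDEX_NAMES` set are constructed assumptions; the script reads only `public/.htaccess`, not the server-wide Apache configuration.

```python
import os
import tempfile

INDEX_NAMES = {"index.php", "index.html"}  # assumed DirectoryIndex values

def htaccess_disables_indexes(path):
    """True if an Options directive in this .htaccess includes -Indexes."""
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            tokens = line.split()
            if tokens and tokens[0].lower() == "options":
                if "-indexes" in (t.lower() for t in tokens[1:]):
                    return True
    return False

def audit_public_dir(public_dir):
    """Report stray PHP files and auto-listable folders under public/."""
    findings = {
        "indexes_disabled": htaccess_disables_indexes(
            os.path.join(public_dir, ".htaccess")),
        "stray_php": [],      # any .php other than public/index.php
        "listable_dirs": [],  # subfolders with no index file
    }
    for root, _dirs, files in os.walk(public_dir):
        rel = os.path.relpath(root, public_dir).replace(os.sep, "/")
        for name in files:
            if name.lower().endswith(".php") and (rel, name) != (".", "index.php"):
                findings["stray_php"].append(name if rel == "." else f"{rel}/{name}")
        if rel != "." and not INDEX_NAMES & {f.lower() for f in files}:
            findings["listable_dirs"].append(rel)
    findings["stray_php"].sort()
    findings["listable_dirs"].sort()
    return findings

def build_sample(public_dir, htaccess_text):
    """Constructed tree modelled on the question: public/pages holds PHP files."""
    os.makedirs(os.path.join(public_dir, "pages"))
    for rel in ("index.php", "pages/admin.php", "pages/report.php"):
        with open(os.path.join(public_dir, rel), "w") as fh:
            fh.write("<?php // constructed sample\n")
    with open(os.path.join(public_dir, ".htaccess"), "w") as fh:
        fh.write(htaccess_text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        public = os.path.join(tmp, "public")
        build_sample(public, "Options -MultiViews\nRewriteEngine On\n")
        print(audit_public_dir(public))
```

A folder reported under `listable_dirs` is shown as a file listing only while `indexes_disabled` is false, but files reported under `stray_php` stay directly requestable by URL either way, so they belong outside `public/`.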
0

Where is your index.php file? Put index.php inside the public folder. Also, .htaccess should be there too, with appropriate settings.

aimme
  • index.php is inside the public folder and .htaccess is:

    ```
    Options -MultiViews
    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    ```

    – Hanif Formoly Jan 04 '17 at 20:27