-1

My website runs at the following URL, www.mywebsite.com, without any problem. When creating the project I applied some .htaccess rules in my root folder, as follows:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Remove www    
    RewriteCond %{HTTP_HOST} ^www.mywebsite.com$ [NC]
    RewriteRule ^(.*)$ https://mywebsite.com$1 [R=301,L]

    # Remove http and force https   
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [QSA,R,L]

    RewriteCond %{REQUEST_FILENAME} -d [OR]
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^ ^$1 [N]

    RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
    RewriteRule ^(.*)$ public/$1 

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ server.php

</IfModule>

The issue is that if I access www.mywebsite.com/public I still view the website but without the CSS applied (because the URL is wrong).

How can I redirect the URL www.mywebsite.com/public to www.mywebsite.com, without setting fire to my URLs like www.mywebsite.com/public/img/someimage.png?


Edit: To make myself clear:

www.mywebsite.com -> it's working -> I don't want to change that

www.mywebsite.com/public/img/someimage.png -> it's working -> I don't want to change that

www.mywebsite.com/public -> It's working -> I see my website without the CSS applied -> I WANT to change this by redirecting users to www.mywebsite.com
Linesofcode
  • Set your Apache `DocumentRoot` correctly to point at the `public` folder. – ceejayoz Oct 11 '18 at 14:50
  • @ceejayoz it's a shared hosting. – Linesofcode Oct 11 '18 at 15:07
  • Most shared hosts have a `httpdocs`, `public`, `public_html`, etc. folder within a non-web-accessible parent folder. If that's the case, put Laravel's `public` folder in there (and consult https://stackoverflow.com/questions/30198669/how-to-change-public-folder-to-public-html-in-laravel-5 if it's not called `public`). If that's *not* the case, find a better host. – ceejayoz Oct 11 '18 at 15:09
  • (Side note: If you're wondering *why* this is so important, check out this Google search: https://www.google.com/search?q=db_password+filetype%3Aenv) – ceejayoz Oct 11 '18 at 15:10
  • @ceejayoz I don't think you understand the problem. I'm gonna edit the post. – Linesofcode Oct 11 '18 at 15:12
  • I do understand the problem. Having Laravel's non-public files (`.env`, `storage`, etc.) accessible to the web is a severely dangerous thing. You should fix it, as I advised above. – ceejayoz Oct 11 '18 at 15:31
  • @ceejayoz I don't have the .env file exposed to the web. The file permission is `640` and you can't access it through www.mywebsite.com/.env. That issue has nothing to do with the problem I'm facing. – Linesofcode Oct 11 '18 at 15:37
  • @ceejayoz and where do I say that something outside public/ is available to the internet? I'm really not following. My `index.php` is in the public/ folder. The only thing my .htaccess does is allow my website to be accessed (and viewed) through `www.mywebsite.com`. You can't view/access ANY folder/file outside the `public/` folder. – Linesofcode Oct 11 '18 at 15:49
  • So if you go to URLs like `www.mywebsite.com/storage/logs/laravel.log` or `www.mywebsite.com/config/database.php` you get a 404? – ceejayoz Oct 11 '18 at 15:53
  • @ceejayoz yes I do. – Linesofcode Oct 11 '18 at 15:54
  • Could you elaborate a bit on your file structure, then? You've done something odd if your `public` folder isn't one level inside the folder containing the rest of Laravel. – ceejayoz Oct 11 '18 at 15:55
  • @ceejayoz what do you mean by one level inside? My structure is: `public_html/laravel` and the `public` folder is inside: `public_html/laravel/public/`. – Linesofcode Oct 11 '18 at 16:01
  • Why aren't your URLs like `www.mywebsite.com/laravel/public/img/someimage.png` then? – ceejayoz Oct 11 '18 at 16:02
  • Are `www.mywebsite.com/laravel/storage/logs/laravel.log` or `www.mywebsite.com/laravel/config/database.php` 404s? – ceejayoz Oct 11 '18 at 16:02
  • @ceejayoz I thought you'd understand "laravel" stands for all the files from the laravel installation. Correction then: `public_html/all_files_from_laravel/public/` – Linesofcode Oct 11 '18 at 16:05
  • That means your non-public Laravel files are in the `public_html` folder, and thus directly accessible to the web. That's a security problem. Up to you if you care, I suppose. – ceejayoz Oct 11 '18 at 16:06
  • @ceejayoz dude, they are not accessible, how many times do I have to tell you that? If I access `www.mywebsite.com/storage/logs/laravel.log` I get 404. If I access `www.mywebsite.com/config/database.php` I get 404. If I access `www.mywebsite.com/.env` I get 404. – Linesofcode Oct 11 '18 at 16:09
  • I'm not giving confusing structure info, I didn't change the Laravel initial structure, the code is working without any security problems. I don't have to ask myself why. The file exists in the FTP but you can't access it through the browser. Why is it hard for you to understand? – Linesofcode Oct 11 '18 at 16:19
  • @ceejayoz do you want to go on a private chat and I show you my project URL so you can test and check for yourself? I'm pretty ok with that. – Linesofcode Oct 11 '18 at 16:28

2 Answers

1

You should never allow access to anything outside of your public folder.

Your server should be set up to go to public, not the main folder above it. Do not move your index.php file from the public folder.

Zoe Edwards
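
Whether files outside `public/` can be fetched over HTTP is something to re-test after every deploy, since permissions and rewrite rules change over time. The check below is an added example, not code from the question or from either answer; the host `mywebsite.example`, the function names and the constructed stand-in server are assumptions made for illustration.

```python
import urllib.error
import urllib.request
import uuid

# Paths named in the thread; all of them live outside Laravel's public/ folder.
SENSITIVE_PATHS = [".env", "storage/logs/laravel.log", "config/database.php"]

def http_fetch(url, timeout=10):
    """Return (status, body) for a GET; HTTP error statuses are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536)
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536)

def audit(base_url, fetch=http_fetch, paths=SENSITIVE_PATHS):
    """Classify each path as 'blocked', 'catch-all' or 'EXPOSED'."""
    base = base_url.rstrip("/")
    # Baseline: a path that cannot exist shows what the front controller
    # (server.php in the question) answers for unknown URLs.
    miss_status, miss_body = fetch(f"{base}/{uuid.uuid4().hex}.txt")
    report = {}
    for path in paths:
        status, body = fetch(f"{base}/{path}")
        if status >= 400:
            report[path] = "blocked"
        elif (status, body) == (miss_status, miss_body):
            report[path] = "catch-all"  # soft 404: same answer as a random URL
        else:
            report[path] = "EXPOSED"    # distinct content came back; inspect it
    return report

def exposed(report):
    """Paths that returned real content and need attention."""
    return sorted(p for p, verdict in report.items() if verdict == "EXPOSED")

def constructed_site(files):
    """Constructed stand-in for a server: serves `files`, 404 for anything else."""
    def fetch(url):
        path = url.split("/", 3)[3]
        return (200, files[path]) if path in files else (404, b"Not Found")
    return fetch

if __name__ == "__main__":
    # Constructed case: project under public_html with .env left readable.
    site = constructed_site({".env": b"DB_PASSWORD=constructed"})
    for path, verdict in audit("https://mywebsite.example", fetch=site).items():
        print(f"{verdict:10} /{path}")
```

Run against your own site with the default `http_fetch`; a dynamic 404 page can be reported as `EXPOSED`, which errs on the side of a manual look.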
0

Solved.

By editing the file /public_html/public/index.php I can check if the current URL matches my criteria.

In my case, whenever the string public is present in the URL it always has two slashes (because of the .htaccess), like:

www.mywebsite.com/public/

With that said, at the top of the file:

if ($_SERVER['REQUEST_URI'] == '/public/')
{
    header('location: http://' . $_SERVER['HTTP_HOST']);
    exit;
}
Linesofcode
  • As I said in my answer, what you are doing is **highly dangerous**. Do not make anything outside of your `public` folder available. – Zoe Edwards Oct 12 '18 at 08:50
  • @ThomasEdwards as I said in my post, nothing outside the `public` folder is available. – Linesofcode Oct 12 '18 at 11:42
  • Your post is very confusing. But, you have said that all the files for your project are in `public_html`, thus they are accessible. Sure you’ve changed a file permission and added a .htaccess, but things change, file permissions change, new packages are added – anything. All we are trying to say is that it is a high security risk and you should be wary of it. There are enough people saying the same thing that you should not be arrogant enough to assume you know better – you do not. If your host is bad, use a different one. Best of luck to you, I mean no offense – but this is a warning. – Zoe Edwards Oct 12 '18 at 12:10
  • @ThomasEdwards isn't it impressive that me telling you that something doesn't work you consider that arrogant just because your theory does not work? If it's so important to you that code is not in the `public_html` please hack the 90% of websites that have their code in the `public_html`, such as Wordpress sites. Feel free to amaze me. If you want, I can tell you my project URL in private and be my guest to try to access private files. No offense. – Linesofcode Oct 12 '18 at 13:36
  • I have offered you my advice, other people have also said the same thing. You have chosen to ignore it. No problem. – Zoe Edwards Oct 12 '18 at 16:36
  • @ThomasEdwards you also have chosen to ignore what I said, no problem as well. – Linesofcode Oct 12 '18 at 16:49