laravel 如何隐藏配置文件以防止直接访问?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37507209/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to hide config files from direct access?
提问by Yasen Ivanov
I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json
我正在将 Laravel 用于网络应用程序。上传生产中的所有内容,发现某些文件可以通过 url 直接访问 - 例如http://example.com/composer.json
How to avoid that direct access?
如何避免直接访问?
回答by Alexey Mezenin
You're using wrong web server configuration. Point your web server to a publicdirectory and restart it.
您使用了错误的 Web 服务器配置。将您的 Web 服务器指向一个public目录并重新启动它。
For Apacheyou can use these directives:
对于Apache,您可以使用这些指令:
DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">
For nginx, you should change this line:
对于nginx,您应该更改此行:
root /path_to_laravel_project/public;
After doing that, all Laravel files will not be accessible from browser anymore.
这样做之后,浏览器将无法再访问所有 Laravel 文件。
回答by Ohgodwhy
That is incorrect. composer.jsonsits outside of the publicdirectory and therefore should not be accessible. This means that your VirtualHost configuration is incorrect.
那是不正确的。composer.json位于public目录之外,因此不应访问。这意味着您的 VirtualHost 配置不正确。
Please make sure that your path to your directory ends with /public.
请确保您的目录路径以/public.
回答by Reiah Paul Sam
Point the web server to the public directory in the project's root folder
将 Web 服务器指向项目根文件夹中的公共目录
project root folder/public
but if you don't have the public folder and you are already pointing to the root folder, you can deny access by writing the following code in .htaccessfile.
但是如果您没有 public 文件夹并且您已经指向根文件夹,您可以通过在.htaccess文件中编写以下代码来拒绝访问。
<Files ".env">
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
in the above code, first we are denying from all and allowing only from the own server (localhost to the server) to get executed, and hence we can protect it from outside users.
在上面的代码中,首先我们拒绝所有并只允许从自己的服务器(本地主机到服务器)执行,因此我们可以保护它免受外部用户的侵害。
回答by Abhijeet Navgire
Point your web server to a public directory and restart it.
将您的 Web 服务器指向公共目录并重新启动它。
For Apache you can use these directives:
对于 Apache,您可以使用这些指令:
DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">
Also You Can Deny files in .htaccess too.
您也可以拒绝 .htaccess 中的文件。
<Files "composer.json">
Order Allow,Deny
Deny from all
</Files>
for multiple files you can add above files tag multiple times in .htaccess files.
对于多个文件,您可以在 .htaccess 文件中多次添加上述文件标签。
回答by Crysis
You Can Deny files in .htaccess too.
您也可以拒绝 .htaccess 中的文件。
<Files "composer.json">
Order Allow,Deny
Deny from all
</Files>
回答by Amr El-Naggar
With Apache, you can create .htaccess file in the root directory of Laravel project to rewrite all requests to public/ directory.
使用 Apache,您可以在 Laravel 项目的根目录下创建 .htaccess 文件,将所有请求重写到 public/ 目录。
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/ [L]
</IfModule>
回答by farmio
It depends on the webserver your running. With Apache it would be .htaccess files whereas with Nginx it would be handled in the server configuration file.
这取决于您运行的网络服务器。对于 Apache,它将是 .htaccess 文件,而对于 Nginx,它将在服务器配置文件中处理。
回答by Giedrius Kir?ys
Set Your document root as publicdirectory, so other files will not be accessible directly. Look for it in Your apache/nginx/??? configuration files.
将您的文档根public目录设置为目录,因此其他文件将无法直接访问。在你的 apache/nginx/??? 中寻找它 配置文件。
回答by Ravindra Bhanderi
simply create blank
简单地创建空白
index.php
索引.php
file in config directory , and write message in file as you like to inform acccessor user
配置目录中的文件,并在文件中写入消息以通知访问者用户
ex. access forbindon by server
前任。服务器禁止访问
