Secure laravel core files controllers from direct access

2.84K views
no comments
9 Oct 2015 2:01 am

If hacker needs to get your absolute path they easily can go to any core file by direct access like showed in below,

DIRECT ACCESS ANY CORE FILE OF LARAVEL

domain.com/app/controllers/HomeController.php
laravel-APP-Path/tests/TestCase.php
Fatal Error: Class ‘Illuminate\Foundation\Testing\Testcase’ not found in laravel-APP-Path/tests/TestCase.php on line 3

DIRECT ACCESS LARAVEL HOME CONTROLLER

domainname.com/laravel-APP-Path/controllers/HomeController.php
Fatal Error: Class ‘BaseController’ not found in laravel-APP-Path/Controllers/HomeController.php on line 3

SOLUTION HOW TO BLOCK DIRECT ACCESS OF ANY FILE INSIDE APP FOLDER

Create .htaccess file in app directory and write deny from all in .htaccess file, files cannot accessible directly from browser and .htaccess will shown an error Forbidden or access denied

Deny from all

htaccess file deny from all in laravel app folder

NOTE:Your Email Address will be not shown and please do not add spamming comments because here is REL="NOFOLLOW" on your links and comments also moderated shown.
<code>Put html css or any language code under this tag</code>