
YuMp

Doubt about the security of using index.php

Hello, my question is the following: does this pose a potential risk for my Laravel 9 application? I see in my WAF log a lot of use of index.php right after the slash in the domain, for example mysite.com/index.php/p/182. Some links are broken when I use it myself to check whether it is a security issue. My question remains, and I wanted to know how I can fix this in my .htaccess so that it is not possible to access the site this way. And if it is an application security issue, what should I do?

Options -MultiViews -Indexes
RewriteEngine On

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
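As an added example that is not part of the original post or of Laravel's stock public/.htaccess: the rule below canonicalises requests that name the front controller explicitly, so mysite.com/index.php/p/182 is answered with a 301 to mysite.com/p/182 instead of the page being served under two URLs. Some context on the security side first. With the stock rules above, Apache maps /index.php/p/182 to the file index.php with PATH_INFO=/p/182, and Laravel (through Symfony's HttpFoundation Request) strips the script name from the path, so the request reaches exactly the same route, with the same middleware, as /p/182. Nothing is reachable through /index.php/... that is not reachable without it, so these hits are duplicate-URL scanner noise rather than extra attack surface; whether a given route is safe is decided by its auth middleware and access control, not by .htaccess. What the rule buys you is one canonical URL per page (Laravel builds url() and asset() links from the request's base URL, so pages served under /index.php/ tend to emit links with /index.php baked in, which is one common reason such links look broken) and a cleaner signal in the WAF log. The condition matches on %{THE_REQUEST}, the raw request line, rather than %{REQUEST_URI}, because the front-controller rule further down rewrites every pretty URL to index.php internally and a condition on REQUEST_URI would see that rewritten value on the next per-directory pass and loop. The rule is assumed to be added to the existing file directly after RewriteEngine On, with the application served from the document root; mysite.com is a placeholder.

```apache
Options -MultiViews -Indexes
RewriteEngine On

# Added example (not part of the original post): redirect any request whose
# original request line names the front controller, e.g.
#   GET /index.php/p/182?x=1 HTTP/1.1  ->  301 to /p/182?x=1
#   GET /index.php HTTP/1.1            ->  301 to /
# %{THE_REQUEST} is the raw request line and is not touched by internal
# rewrites, so the front-controller rule at the bottom (which rewrites to
# index.php internally) cannot re-trigger this rule and loop.
# %1 is the path captured after "index.php/" (empty for a bare /index.php).
# The original query string is carried over by default; NE keeps characters
# that were already percent-encoded from being encoded a second time.
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/+index\.php(?:/([^\s?]*))?[?\s] [NC]
RewriteRule ^ /%1 [R=301,L,NE]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```

To check it, run `curl -sI https://mysite.com/index.php/p/182` and expect a 301 with `Location: https://mysite.com/p/182`, then confirm `curl -sI https://mysite.com/p/182` still returns the normal response, so the front-controller rewrite was not broken. If the application lives in a subdirectory rather than the document root, `/%1` must be prefixed with that directory, and the rule needs AllowOverride to permit mod_rewrite directives in .htaccess, which is already the case if the existing file is in effect.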
siangboon

Typically, index.php is the landing page or main door for a website. Of course there will often be good visitors as well as bad visitors; if you block the main door, how will the good visitors know where to go to visit the rest of the site?

That's what routes and authorization are built for, so you can control which routes can be accessed by the public and which routes can be accessed by authenticated users.

As long as you set up the routes and authorization with the auth middleware and access control correctly, it should be safe. Besides, if you find an abnormally huge hit rate from a single IP address or multiple IP addresses, it may be due to a DDoS attack, and you can use your firewall or a third-party CDN that provides such a feature to prevent and minimize the risks.

YuMp

@siangboon Yes, really; they usually originate from AWS virtual servers, DigitalOcean, and other hosts. I believe they are automated attempts. I was just wondering whether this would bring any risk, but from what you told me, I believe I'm safe.
