How can I hide admin routes?

Posted 8 months ago by Tarasovych

In my project I have some admin routes.

Route::group(['as' => 'admin.', 'prefix' => 'admin', 'middleware' => ['auth', 'role:admin']], function () {
    ...
});

If a non-authenticated user tries to go to site/admin, he'll get a 302 Found and a redirect due to vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php:

protected function unauthenticated($request, AuthenticationException $exception)
{
    return $request->expectsJson()
        ? response()->json(['message' => $exception->getMessage()], 401)
        : redirect()->guest(route('login'));
}

I want to hide the admin routes somehow, because if a user gets a 302 and not a 200 response, he'd know that site/admin has some content. A bad user might start to hack. What's the best practice? Move the admin functionality to another domain?
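
One way to make the admin prefix answer like an unknown URL, as an added example that is not part of the original post and not Laravel's own code: override `render()` in the application's `App\Exceptions\Handler` so that authentication and authorization failures under `admin` become a 404. It assumes Laravel 5.5 to 6.x (where `render()` is typed with `Exception`) and that the `role:admin` middleware, which the post does not show, signals failure with an `AuthorizationException` or a 403 HTTP exception.

```php
<?php

namespace App\Exceptions;

use Exception;
use Illuminate\Auth\Access\AuthorizationException;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class Handler extends ExceptionHandler
{
    /**
     * Render an exception into an HTTP response.
     * On Laravel 7+ the parameter type is Throwable instead of Exception.
     */
    public function render($request, Exception $exception)
    {
        // Matches the 'prefix' => 'admin' route group from the post.
        if ($request->is('admin', 'admin/*') && $this->revealsAdminArea($exception)) {
            // Same exception the router throws for a URL that has no route,
            // so the client sees the normal 404 page (or 404 JSON).
            $exception = new NotFoundHttpException();
        }

        return parent::render($request, $exception);
    }

    /**
     * True for failures that would otherwise produce a 302 to the login
     * page, a 401, or a 403, all of which confirm that the route exists.
     */
    private function revealsAdminArea(Exception $exception)
    {
        if ($exception instanceof AuthenticationException
            || $exception instanceof AuthorizationException) {
            return true;
        }

        // Assumption: a custom or package role middleware aborts with 403.
        return $exception instanceof HttpExceptionInterface
            && $exception->getStatusCode() === 403;
    }
}
```

This changes only the status and body of the response; the `auth` and `role:admin` middleware remain the actual access control, and administrators must open the login route directly because `/admin` no longer redirects there.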
