You can set up a symbolic link from the public directory
Is it possible to access laravel.log from a public domain url?
Is it possible to access the laravel.log file from a public domain URL?
I.e., is it acceptable to have logging on, on a production server?
You can't access the file directly, but you could create a route that returns a download of that file.
However, for production I would use a dedicated service like papertrail or loggly.
Having logging on on a production server is ok, but it is not ok to have your log publicly available, as it could disclose important information about your app.
Hey @otepas, combine your answers into one and I'll mark it as correct
Thanks for the help and service references :)
If you want to show the log files in an admin area, check out this package https://packagist.org/packages/rap2hpoutre/laravel-log-viewer
@Snapey Thanks for this package suggestion I'll have to check it out
@go Having a public, production log file is a horrible idea. It contains sensitive information that you don’t want in the public eye.
Have a look at the dozens of log viewers out there such as Rollbar, Sentry, etc.
Yes indeed, that is the point. :D
In fact it can actually be accessed sometimes without even realising by doing something along these lines... (P.O.C -> I know this from previous experience!!)
http://example.com/storage/logs/laravel.log
Also, I have known this to work...
http://example.com/../storage/logs/laravel.log
The best thing to do that I have found works well is to block access to .env / composer.json and storage folder in either htaccess files or nginx conf.
You would be surprised how many servers / applications there are that leave themselves wide open to attacks.
A simple Google search would provide hundreds of rootable servers through simple misconfiguration and put into production mode thinking these files and folders are not accessible...
I know this first hand from testing prior to production.
The best thing to do that I have found works well is to block access to .env / composer.json and storage folder in either htaccess files or nginx conf.
Absolutely not the best thing to do!
Best thing to do is to only serve public content from the public folder
Any other configuration is mis-configuration
When you say serve from public folder, you mean Laravel's public folder or a specific public folder such as public_html and have the rest of the app outside of the public_html directory?
@birdy If your web server publishes from public_html then rename your Laravel public folder to match. Then upload your site so that the framework is a level ABOVE the public_html.
You mean Laravel's public folder or a specific public folder such as public_html and have the rest of the app outside of the public_html directory?
Yes.
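Added example, not part of the thread and not code from any participant: a shell check for the advice above that only the public folder should be served, including the case where a symbolic link in the public directory leads back into storage. The function names `audit_docroot` and `make_sample_app`, the list of file names checked, and the sample tree are assumptions made for this illustration; it reads a directory on disk and makes no network requests.

```shell
#!/bin/sh
# audit_docroot DOCROOT
# Prints the URL path of every sensitive Laravel file reachable under DOCROOT
# and returns 1 if any is found, 0 if the document root is clean.
audit_docroot() {
    docroot=${1%/}
    # -L follows symlinks, so a link from public/ into storage/ is caught too.
    # The name list is an assumption based on the default Laravel layout.
    findings=$(find -L "$docroot" -type f \( -name '.env' -o -name '.env.*' \
        -o -name 'composer.json' -o -name 'composer.lock' \
        -o -name 'laravel*.log' \) 2>/dev/null | sort)
    if [ -z "$findings" ]; then
        return 0
    fi
    # Strip the document root prefix to show the path a browser would request.
    printf '%s\n' "$findings" | while IFS= read -r file; do
        printf 'EXPOSED /%s\n' "${file#"$docroot"/}"
    done
    return 1
}

# make_sample_app DIR: build a constructed, empty Laravel-shaped tree.
make_sample_app() {
    mkdir -p "$1/public" "$1/storage/logs"
    : > "$1/.env"
    : > "$1/composer.json"
    : > "$1/storage/logs/laravel.log"
    : > "$1/public/index.php"
}

demo=$(mktemp -d)
make_sample_app "$demo/app"
echo "document root = project root (misconfigured):"
audit_docroot "$demo/app" || true
echo "document root = public/:"
audit_docroot "$demo/app/public" && echo "clean"
ln -s ../storage/logs "$demo/app/public/logs"
echo "document root = public/ with a symlink into storage/logs:"
audit_docroot "$demo/app/public" || true
rm -rf "$demo"
```

Run against a real deployment, the argument is the directory the web server is configured to publish (for example the `public_html` directory mentioned above).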