Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

laracasts_asker's avatar

Securing a cURL route with Apache authType Basic fails

I want to secure an endpoint. My route is: Route::post('/upload', 'Controller@fileupload');

Then I am executing: curl -i --user username:testpw -d "data=somedata" https://mysite.com/upload. But regarldess if I use --user username:testpw or not the cURL gets done - no security.

So probably this section inside the httpd.conf apache configuration file is not working?

<Directory "/opt/app-root/src/public/upload">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/opt/app-root/src/pwfile"
Require user username
</Directory>

I assume <Directory "/opt/app-root/src/public/upload"> will demand this authentification to any request for https://mysite.com/upload or am I wrong and laravel will route this internally without apache seeing a request for this path: /opt/app-root/src/public/upload? Or maybe the above apache configuration gets overwriten somewhere, for example by this <Directory "/opt/app-root/src"><Directory "/opt/app-root/src">config area?

0 likes
0 replies

Please or to participate in this conversation.