Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

laracasts_asker's avatar

securing a route that uses cURL

I am doing a curl -F upload=@data.csv http://mysite.com/upload with a linux machine A to the endpoint of my laravel application. How do I make sure that only allowed users can run this cURL? First I tried to do it by IP, but I found out the IP from the linux machine A changes. I also found this: curl -i --user [email protected]:qwertyuiop -d "data=somedata" https://www.xxxxxxxxxxxxx.co.uk/app/api/v1/clients but I am not sure where would I store [email protected]:qwertyuiop credentials

0 likes
2 replies
laracasts_asker's avatar

thanks! So I am executing: curl -i --user [email protected]:qwertyuiop -d "data=somedata" https://mysite.com/upload. But regarldess if I use --user [email protected]:qwertyuiop or not the cURL gets done.

So probably this section inside the httpd.conf apache configuration file is not working?

<Directory "/opt/app-root/src/public/upload">
AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/opt/app-root/src/pwfile"
Require user admin
</Directory>

I assume <Directory "/opt/app-root/src/public/upload"> will demand this authentification to any request for https://mysite.com/upload am I wrong?

or is the declearation above overwritten by this?

<Directory "/opt/app-root/src">

    #

    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.4/mod/core.html#options
    # for more information.

    Options Indexes FollowSymLinks

    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #

    AllowOverride All

    # Controls who can get stuff from this server.
    Require all granted

</Directory>

My route is: Route::post('/upload', 'Controller@fileupload');

Please or to participate in this conversation.