Single route giving a 403 Forbidden error in Laravel 4

Brian picture Brian · Jul 26, 2014 · Viewed 10.3k times · Source

I have been trying to figure out why this is happening for the past couple of days with no success. I found some other questions dealing with 403 errors while routing in Laravel but none pertaining to a problem with a single route. Somewhat new to Laravel and web development, so might be missing something obvious, but here goes:

So the routes in my project all work except for one, that route being {mywebsite}/admin, which gives me a 403 error. It does work when I go to {mywebsite}/index.php/admin. What I don't understand is why none of my other routes have the same problem. For example, {mywebsite}/test works and {mywebsite}/admin/categories works. This is literally the only route that does not work. Also worth noting is that the same issue comes up when trying to access it on both my local server and my production server (Digital Ocean with Laravel Forge).

Here is my routes.php file:

Route::get('/', function()
{
    return View::make('hello'); //works
});

Route::get('/admin', function()
{
    return "admin"; //403 error
});

Route::get('/test', function()
{
    return "test"; //works
});


//these all work
Route::get('/admin/dashboard', 'TaskCategoriesController@showAdmin');

// all category routes
Route::get('/admin/categories/', 'TaskCategoriesController@show');
Route::get('/admin/categories/{id}/edit', 'TaskCategoriesController@edit');
Route::post('/admin/categories/{id}/edit/', array('uses' =>    'TaskCategoriesController@update'));
Route::post('/admin/categories/create/{id}', array('uses' => 'TaskCategoriesController@create'));
Route::get('/admin/categories/delete/{id}', array('uses' => 'TaskCategoriesController@delete'));

Route::get('/admin/categories/create', function()
{
    return View::make('CreateCategory');
});

// all form routes
Route::get('/admin/forms/{id}/edit', 'TaskFormsController@edit');
Route::post('/admin/forms/{id}', 'TaskFormsController@create');
Route::post('/admin/forms/{id}/submit', 'OrdersController@submitOrder');
Route::get('/admin/forms/{id}/add', 'TaskFormsController@addFormElement');
Route::get('/admin/forms/{id}/edit/{elementId}', 'TaskFormsController@editFormElement');
Route::get('/admin/forms/{id}/delete/{elementId}', 'TaskFormsController@deleteFormElement');
Route::post('/admin/forms/{id}/saveUpdates/{tid}', 'TaskFormsController@updateFormElement');


//time table routes
Route::post('/admin/categories/{id}/timetable/{date}', array('uses' => 'TimeTableController@updateTimetable'));
Route::get('/admin/categories/{id}/timetable', array('uses' => 'TimeTableController@timetable'));
Route::get('/admin/categories/{id}/timetable/{date}', array('uses' => 'TimeTableController@editWeekTable'));

And here is my .htaccess file:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes...
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Does anyone have any clue why this might be happening?

Answer

Unnawut picture Unnawut · Jul 26, 2014

With the clue that you can access {mywebsite}/index.php/admin while other routes work fine means that your Laravel route and .htaccess file are working.

So the problem is probably from .htaccess skipping url rewrite only for url {mywebsite}/admin, related to these three lines:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

The first two lines above tells apache not to url rewrite to Laravel's index.php if the requested url points to an existing file or folder. The fact that it is showing 403 Forbidden is most probably because apache is trying to directory-list /admin folder but it is prohibited to do so.

So the solution is to make sure that you do not have a folder app/public/admin. If there is, delete it and try again.