[error] Access forbidden by rule

As is common for many websites on the internet, bots may often scan trying to find vulnerabilities on your website. When a bot tries to request access to a page that does not exist, or is explicitly blocked by Laravel Cloud for security purposes, you may see related [error] logs. These can be safely ignored.

Example logs:

2025-03-26 17:26:05 UTC
2025/03/26 17:26:05 [error] 148#148: *35409 access forbidden by rule, client: 2600:1f16:e0:8506:ea9f::8, server: _, request: "GET /config/php.ini HTTP/1.1", host: "yourWebsite.com"

2025-03-26 17:26:18 UTC
2025/03/26 17:26:18 [error] 150#150: *35439 access forbidden by rule, client: 2600:1f16:e0:8506:b40f::6, server: _, request: "GET /.aws/credentials HTTP/1.1", host: "yourWebsite.com"

2025-03-26 17:26:24 UTC
2025/03/26 17:26:24 [error] 150#150: *35455 access forbidden by rule, client: 2600:1f16:e0:8506:ea9f::8, server: _, request: "GET /config.ini HTTP/1.1", host: "yourWebsite.com"

fatal: not a git repository

Some packages may attempt to access your .git directory during runtime in your application. When using Laravel Cloud, the .git folder is removed during the deploy process, meaning this directory is unavailable at runtime, which can trigger this error for packages that depend on this. For example, having Sentry installed will allow you the option to run git to grab the current commit hash, thus triggering these errors.

If a package depends on your deployment’s git hash being available, you can inject it as an environment variable by adding the following to your build commands:

# Install production dependencies...
composer install --no-dev

# Add the git commit hash to an environment variable...
echo -e "\nSENTRY_RELEASE=`git log --pretty="%h" -n1 HEAD`" >> .env

# Cache the configuration to make SENTRY_RELEASE available at runtime...
php artisan config:cache

[truncated due size]

The message [truncated due size...] log is indicating that a log message exceeded a size limit, causing the message to be cut off. This typically happens when logs or error messages are too lengthy. This can be common during your deployment process. To reduce the size of the content printed out for your deploy commands, you can reduce the commands’ verbosity through additional flags:

composer install --no-dev --quiet

npm ci --quiet --no-progress

Note that if your application is in APP_DEBUG=true, errors will produce a full stack track which can be truncated.

Was this page helpful?