{"id":338,"date":"2025-07-01T15:14:03","date_gmt":"2025-07-01T15:14:03","guid":{"rendered":"https:\/\/devsecopsschool.com\/blog\/?p=338"},"modified":"2025-07-01T15:14:04","modified_gmt":"2025-07-01T15:14:04","slug":"laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory","status":"publish","type":"post","link":"https:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/","title":{"rendered":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory"},"content":{"rendered":"\n<p>You\u2019re <strong>on the right track<\/strong> thinking about restricting uploads of PHP files to your Laravel <code>public<\/code> directory\u2014<strong>this is one of the most effective defenses<\/strong> against webshells, backdoors, and PHP-based malware. The <strong>public folder should only have files you intend to be web-accessible<\/strong>, and usually only <code>index.php<\/code> (plus assets like CSS, JS, images).<\/p>\n\n\n\n<p>Below is a <strong>step-by-step, professional-grade hardening guide<\/strong> for your situation.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Never Allow File Uploads Directly to <code>public\/<\/code><\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Change your app logic<\/strong> so any file uploads go to <code>storage\/<\/code> or a dedicated, non-web-accessible folder.<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/laravel.com\/docs\/10.x\/filesystem\">Laravel\u2019s storage system<\/a> and serve user-uploaded files via a controller if needed, not direct public links.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Block Access to PHP Files Except <code>index.php<\/code> (in .htaccess)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Add this to your public\/.htaccess, <em>after<\/em> the existing rules:<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># BLOCK direct access to ALL PHP files except index.php\n&lt;FilesMatch \"^(?!index\\.php$).+\\.php$\"&gt;\n    Order allow,deny\n    Deny from all\n&lt;\/FilesMatch&gt;\n<\/code><\/pre>\n\n\n\n<p>Or, using <code>mod_rewrite<\/code> (for hosts where FilesMatch isn\u2019t allowed):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>RewriteCond %{REQUEST_URI} !\/index\\.php$\nRewriteRule \\.php$ - &#91;F]\n<\/code><\/pre>\n\n\n\n<p><strong>This means:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Only <code>index.php<\/code> is web-accessible.<\/li>\n\n\n\n<li>Any attempt to run another PHP file (even if uploaded by a hacker) will be blocked with a 403 Forbidden.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. Forbid PHP Execution in Upload Folders (Even If They\u2019re Public!)<\/strong><\/h2>\n\n\n\n<p>If you must make a subfolder in <code>public\/<\/code> writeable (not recommended!), <strong>add an .htaccess inside that folder:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># \/public\/uploads\/.htaccess\nphp_flag engine off\nRemoveHandler .php .phtml .php3 .php4 .php5 .php7 .phps\n&lt;FilesMatch \"\\.(php|php&#91;3457]?|phtml|phps)$\"&gt;\n    Order allow,deny\n    Deny from all\n&lt;\/FilesMatch&gt;\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This disables the PHP engine for that folder, even if a PHP file is uploaded.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. Disable Dangerous PHP Functions<\/strong><\/h2>\n\n\n\n<p>In your <code>php.ini<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>This makes it harder for webshells to function, even if uploaded.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. Permissions: Never Allow PHP to Write Into <code>public\/<\/code><\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>On your server: <code>chown -R www-data:www-data \/var\/www\/html\/yourproject chmod -R 755 \/var\/www\/html\/yourproject chmod 644 \/var\/www\/html\/yourproject\/public\/*.php chmod -R 555 \/var\/www\/html\/yourproject\/public<\/code><\/li>\n\n\n\n<li>Only grant write permissions to folders <strong>Laravel actually needs<\/strong> (typically <code>storage\/<\/code> and <code>bootstrap\/cache\/<\/code>).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. General Tips<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Always keep <strong>Laravel, Composer, PHP, and all libraries up-to-date.<\/strong><\/li>\n\n\n\n<li>Install a Web Application Firewall (WAF) if possible (e.g., ModSecurity).<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/www.fail2ban.org\/\">fail2ban<\/a> or similar tools to block brute-force attackers.<\/li>\n\n\n\n<li><strong>Restrict SSH access<\/strong> to only trusted IPs and use key authentication.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Example: Secure .htaccess for Laravel <code>public\/<\/code><\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_negotiation.c&gt;\n    Options -MultiViews -Indexes\n&lt;\/IfModule&gt;\n\n&lt;IfModule mod_rewrite.c&gt;\n    RewriteEngine On\n\n    # HTTPS and www redirects (add yours here)\n\n    # Block direct access to PHP files except index.php\n    RewriteCond %{REQUEST_URI} !\/index\\.php$\n    RewriteRule \\.php$ - &#91;F]\n\n    # Usual Laravel front controller rules...\n    RewriteCond %{REQUEST_FILENAME} !-d\n    RewriteCond %{REQUEST_FILENAME} !-f\n    RewriteRule ^ index.php &#91;L]\n&lt;\/IfModule&gt;\n<\/code><\/pre>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Summary Table<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Protection<\/th><th>How-To<\/th><\/tr><\/thead><tbody><tr><td>Block PHP except index.php<\/td><td>.htaccess FilesMatch or RewriteCond<\/td><\/tr><tr><td>No uploads to public<\/td><td>App logic, Laravel storage<\/td><\/tr><tr><td>PHP execution off in uploads<\/td><td>.htaccess in upload folder<\/td><\/tr><tr><td>Permissions: no write to public<\/td><td><code>chmod<\/code>, <code>chown<\/code> as above<\/td><\/tr><tr><td>Disable dangerous PHP functions<\/td><td><code>php.ini<\/code> settings<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Final Advice<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Blocking all PHP except <code>index.php<\/code> is a good approach and should be used in combination with other security steps.<\/strong><\/li>\n\n\n\n<li><strong>Never allow uploads directly to public\/ or any web-accessible folder.<\/strong><\/li>\n\n\n\n<li>Audit permissions, keep everything updated, and use defense in depth.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>You\u2019re on the right track thinking about restricting uploads of PHP files to your Laravel public directory\u2014this is one of the most effective defenses against webshells, backdoors, and PHP-based malware. The public folder should only have files you intend to be web-accessible, and usually only index.php (plus assets like CSS, JS, images). Below is a &#8230; <a title=\"Laravel Security: Restricting uploads of PHP files to your Laravel public directory\" class=\"read-more\" href=\"https:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\" aria-label=\"Read more about Laravel Security: Restricting uploads of PHP files to your Laravel public directory\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-338","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School\" \/>\n<meta property=\"og:description\" content=\"You\u2019re on the right track thinking about restricting uploads of PHP files to your Laravel public directory\u2014this is one of the most effective defenses against webshells, backdoors, and PHP-based malware. The public folder should only have files you intend to be web-accessible, and usually only index.php (plus assets like CSS, JS, images). Below is a ... Read more\" \/>\n<meta property=\"og:url\" content=\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\" \/>\n<meta property=\"og:site_name\" content=\"DevSecOps School\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-01T15:14:03+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-01T15:14:04+00:00\" \/>\n<meta name=\"author\" content=\"Rajesh Kumar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rajesh Kumar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\"},\"author\":{\"name\":\"Rajesh Kumar\",\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c\"},\"headline\":\"Laravel Security: Restricting uploads of PHP files to your Laravel public directory\",\"datePublished\":\"2025-07-01T15:14:03+00:00\",\"dateModified\":\"2025-07-01T15:14:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\"},\"wordCount\":374,\"commentCount\":0,\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\",\"url\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\",\"name\":\"Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School\",\"isPartOf\":{\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#website\"},\"datePublished\":\"2025-07-01T15:14:03+00:00\",\"dateModified\":\"2025-07-01T15:14:04+00:00\",\"author\":{\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c\"},\"breadcrumb\":{\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#breadcrumb\"},\"inLanguage\":\"en\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devsecopsschool.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Laravel Security: Restricting uploads of PHP files to your Laravel public directory\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#website\",\"url\":\"https:\/\/devsecopsschool.com\/blog\/\",\"name\":\"DevSecOps School\",\"description\":\"DevSecOps Redefined\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devsecopsschool.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c\",\"name\":\"Rajesh Kumar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en\",\"@id\":\"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b02d9501846e698677d30ae5e3d8648980cdd60ebaab000d5001f4612c9f0ff7?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b02d9501846e698677d30ae5e3d8648980cdd60ebaab000d5001f4612c9f0ff7?s=96&d=mm&r=g\",\"caption\":\"Rajesh Kumar\"},\"sameAs\":[\"http:\/\/devsecopsschool.com\/blog\"],\"url\":\"https:\/\/devsecopsschool.com\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/","og_locale":"en_US","og_type":"article","og_title":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School","og_description":"You\u2019re on the right track thinking about restricting uploads of PHP files to your Laravel public directory\u2014this is one of the most effective defenses against webshells, backdoors, and PHP-based malware. The public folder should only have files you intend to be web-accessible, and usually only index.php (plus assets like CSS, JS, images). Below is a ... Read more","og_url":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/","og_site_name":"DevSecOps School","article_published_time":"2025-07-01T15:14:03+00:00","article_modified_time":"2025-07-01T15:14:04+00:00","author":"Rajesh Kumar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rajesh Kumar","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#article","isPartOf":{"@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/"},"author":{"name":"Rajesh Kumar","@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c"},"headline":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory","datePublished":"2025-07-01T15:14:03+00:00","dateModified":"2025-07-01T15:14:04+00:00","mainEntityOfPage":{"@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/"},"wordCount":374,"commentCount":0,"inLanguage":"en","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/","url":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/","name":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory - DevSecOps School","isPartOf":{"@id":"https:\/\/devsecopsschool.com\/blog\/#website"},"datePublished":"2025-07-01T15:14:03+00:00","dateModified":"2025-07-01T15:14:04+00:00","author":{"@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c"},"breadcrumb":{"@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#breadcrumb"},"inLanguage":"en","potentialAction":[{"@type":"ReadAction","target":["http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/devsecopsschool.com\/blog\/laravel-security-restricting-uploads-of-php-files-to-your-laravel-public-directory\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devsecopsschool.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Laravel Security: Restricting uploads of PHP files to your Laravel public directory"}]},{"@type":"WebSite","@id":"https:\/\/devsecopsschool.com\/blog\/#website","url":"https:\/\/devsecopsschool.com\/blog\/","name":"DevSecOps School","description":"DevSecOps Redefined","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devsecopsschool.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en"},{"@type":"Person","@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/e414b640530af05905c2162ba4259f6c","name":"Rajesh Kumar","image":{"@type":"ImageObject","inLanguage":"en","@id":"https:\/\/devsecopsschool.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b02d9501846e698677d30ae5e3d8648980cdd60ebaab000d5001f4612c9f0ff7?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b02d9501846e698677d30ae5e3d8648980cdd60ebaab000d5001f4612c9f0ff7?s=96&d=mm&r=g","caption":"Rajesh Kumar"},"sameAs":["http:\/\/devsecopsschool.com\/blog"],"url":"https:\/\/devsecopsschool.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=338"}],"version-history":[{"count":1,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/338\/revisions"}],"predecessor-version":[{"id":339,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/338\/revisions\/339"}],"wp:attachment":[{"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devsecopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}