Configure routes.php in cakePhp 4.3

How should I configure routes.php if I have the fullBaseUrl configured in app.php like this:

    'App' => [
        'namespace' => 'App',
        'encoding' => env('APP_ENCODING', 'UTF-8'),
        'defaultLocale' => env('APP_DEFAULT_LOCALE', 'en_US'),
        'defaultTimezone' => env('APP_DEFAULT_TIMEZONE', 'UTC'),
        'base' => false,
        'dir' => 'src',
        'webroot' => 'webroot',
        'wwwRoot' => WWW_ROOT,
        'baseUrl' => env('SCRIPT_NAME'),
        'fullBaseUrl' => "",
        'imageBaseUrl' => 'img/',
        'cssBaseUrl' => 'css/',
        'jsBaseUrl' => 'js/',
        'paths' => [
            'plugins' => [ROOT . DS . 'plugins' . DS],
            'templates' => [ROOT . DS . 'templates' . DS],
            'locales' => [RESOURCES . 'locales' . DS],

What do you want your routes to do? What have you tried so far? What’s not working about what you’ve tried?

When I enter to the site (url: I want to be redirected to controller Users and action login, but when I enter it gives me the error ForbiddenException, the route configured in routes.php is $builder->connect(’/’, [‘controller’ => ‘Users’, ‘action’ => ‘login’]);

What do you get if you go to

I get not found, I deleted .htaccess from root and webroot directory, is what I understood I had to do from app.php

I have never not used the .htaccess files. Honestly not sure how it would work without them. I think you’d need to always include index.php in the URLs for that to work?

Basically only Apache supports the .htaccess file. If you use any other Webserver like NGINX or lighttpd they really don’t care about those files.

But to quickly explain what those 2 .htaccess files do:

The one in the “root” directory has the following content:

    RewriteEngine on
    RewriteRule    ^(\.well-known/.*)$ $1 [L]
    RewriteRule    ^$    webroot/    [L]
    RewriteRule    (.*) webroot/$1    [L]

This basically means:

  • Require the Apache Rewrite Engine to be enabled
  • Requests matching the regex ^(\.well-known/.*)$ are allowed to be accessed directly (necessary for LetsEncrypt verification)
  • Requests matching the regex ^$ will get rewritten to the webroot folder
  • Requests matching the regex (.*) (so basically anything else) will get rewritten to the webroot/<whatever-subpath-the-url-had> folder

The [L] at the end just means that if one rule “applies” it shouldn’t continue to check other rules.

Now the the webroot/.htaccess file

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

This basically means:

If the URL doesn’t request a file exactly via its path + filename (like CSS/JS/images/other static files) then put every request through the index.php which basically starts CakePHP

But to come back to the ForbiddenException problem:

Have you added your Users login function to the beforeFilter function like the tutorial says?

public function beforeFilter(\Cake\Event\EventInterface $event)

And if you have the Authorization Plugin enabled as well did you add


at the start of your login function?

I am using tha mapResolver for authorization and I have the function initialize which has this code:

    public function initialize(): void
			'index' => 'list',
			'delete' => 'remove',
			'edit' => 'update',
			'login' => 'list',
			'add' => 'insert'

And I have the beforeFilter funtion which has this code:

	public function beforeFilter(\Cake\Event\EventInterface $event)

		$this->Authentication->allowUnauthenticated(['login', 'add', 'forgotpassword', 'resetpassword']);

How can I solve this problem?

Please put the .htaccess files back, as they come, and then let us know what you get when you go to the /users/login URL that I asked about before. What I’m trying to learn from that is whether it’s actually the login action that’s forbidden, or if there’s something else about your setup that’s not right.

Also, the output of bin/cake routes wouldn’t hurt, to ensure that you don’t have something else routed to / that’s taking precedence over the login route you’ve added.

I uploaded the .htaccess files and still gives me the not found page when I enter the URL with /users/login

This is what I get from bin/cake routes:

Is it possible that the site isn’t detecting the .htaccess files? How can I solve this problem?

I solved this problem, the problem was that I uncommented the line ‘baseUrl’ => env(‘SCRIPT_NAME’)