Restrict access to files in browser URL

The application built using YII framework is working fine. However, When I try to access one of the internal pages of Yii2 framework like; "http://localhost/basic/assets/AppAsset.php" via browser; I get below error message.

“Fatal error: Class ‘yii\web\AssetBundle’ not found in D:\WAMP\wamp\www…\basic\assets\AppAsset.php on line 18”

I have attached a screenshot for reference.

My queries are:


[*]Should this file be accessible via URL? If Yes, what output is expected?

[*]Why does it show an error message? This application is in Production environment, still I get this error.

[*]How to restrict such framework file access from end-users? OR How to handle this error message from end-users?


Similar error appears when I try to access other files like ‘basic/mailer/layouts/html.php’ and so on in browser


Hi Paresh,

  1. In the yii2-basic app only the "web" folder should be accessible from the web.

In yii2-advanced projects the folders /frontend/web and backend/web should accessible only.

  1. Because this file is not designed to get called directly via URL.

For more information search and read about "Asset Bundles" and the "Asset Pusblishing" Process in the Yii2 guide.

  1. The configuration depends on the server you are using. For example: When the web-root of your server is pointing directly to the /web folder of your project - the other project folders simply will not be served to users.

Best Regards

Thanks MetaCrawler. Your point 3 made my day. I had to point my web server to /basic/web folder instead of /basic folder.