How to hide config files from direct access?

Question

I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/compo

Answer 1

It depends on the webserver your running. With Apache it would be .htaccess files whereas with Nginx it would be handled in the server configuration file.

Answer 2

Set Your document root as public directory, so other files will not be accessible directly. Look for it in Your apache/nginx/??? configuration files.

Answer 3

You Can Deny files in .htaccess too.

<Files "composer.json">
Order Allow,Deny
Deny from all
</Files>

Answer 4

That is incorrect. composer.json sits outside of the public directory and therefore should not be accessible. This means that your VirtualHost configuration is incorrect.

Please make sure that your path to your directory ends with /public.

Answer 5

simply create blank

index.php

file in config directory , and write message in file as you like to inform acccessor user

ex. access forbindon by server

Answer 6

With Apache, you can create .htaccess file in the root directory of Laravel project to rewrite all requests to public/ directory.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>