I developed a website using laravel and on my web hoster I have not find the public directory so , I changed the server.php
From
require_once __DIR__.'/public/index.php';
To
require_once __DIR__.'/index.php';
and I moved all the contents of the public folder in the root and the website works very well BUT the problem is when I put for example http://mywebsite.com/.env I can show the content of .env so my site is not protected.
The Question :
How can I protect my files and directories ?
Example of structure I want:
index.php
.htaccess
favicon.ico
img/
css/
js/
laravel/
app/
bootstrap/
database/
config/
storage/
.env
server.php
...
Content of the root of my site => the public folder content
laravel directory => the other directories and files
Place everything back in the public folder and revert the changes to server.php. Then in your top level directory add a .htaccess file with the code below:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I personally wouldn't remove the public folder. You could either add a .htaccess file or create a symlink that links to /public, both approaches should work but I usually go with the symlink.
In case your laravel installation folder is called "laravel" and your server expects "html" to be the folder with your website in it you should do something like this:
ln -s laravel/public html