I was under the impression I could use a .htaccess file to block IPs to my laravel project app/views/users/ dir but it doesn't look like its being read. However if I use the directives inside the public/.htaccess file it works.
I'm not familiar with mod_rewrite so I'm unsure how to block access to app/views/users from public/.htaccess. Whats the best way to get around this?
You can use a rewrite rule like this in root .htaccess to block any access to /app/views/users path:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^(110\.174\.129\.147|203\.217\.17\.162|111\.222\.333\.444)$
RewriteRule ^app/views/users(/.*)?$ - [F,NC]
Change these IP addresses to whatever addresses you want to block.