I'm working on small project, and will host it on normal Godaddy host plan, the problem is: all file system will be accessible through internet.
so, how can I prevent access to any folder or file except /public
CONTRIBUTING.md
app/
artisan
bootstrap/
composer.json
composer.lock
phpunit.xml
public/
server.php
vendor/
thanks,
Why not split the project up? Upload the contents of public to your document root and the rest somewhere else (like your home directory). Then just modify the two paths in the public/index.php file to point to the right locations, eg
$path = __DIR__ . '/../my-app';
require $path . '/bootstrap/autoload.php';
$app = require_once $path . '/bootstrap/start.php';
If you point your apache site document root to /public, there is no way people can access any other file in your application outside your public. Even if they try to do things like:
http://yoursite.com/../
EDIT:
This is not something you should rely on a framework to do, securing directories on your site is the web server job, so you need to find a solution on your server: virtual host, document root, web root, domain directory or even .htaccess configuration.
In some shared hosting companies you can do that easily, some have cPanel or Plesk, but other, like Hostgator, will give you just enough configuration so you can change your directory root to /public. Looks like GoDaddy doesn't help much if you don't have a cPanel account, but, still, there are tricks to help you doing it the way you should be doing: http://support.godaddy.com/help/article/4067/setting-up-a-non-web-accessible-root-folder. Probably there are others around.