如何隐藏直接访问的配置文件? [英] How to hide config files from direct access?

问题描述

我正在将Laravel用于Web应用程序.上传了生产中的所有内容，发现其中的某些文件可以通过url直接访问-例如 http://example. com/composer.json

I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json

如何避免这种直接访问?

How to avoid that direct access?

推荐答案

您使用的Web服务器配置错误.将您的Web服务器指向public目录，然后重新启动它.

You're using wrong web server configuration. Point your web server to a public directory and restart it.

对于 Apache ，您可以使用以下指令:

For Apache you can use these directives:

DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">

对于 nginx ，您应更改以下行:

For nginx, you should change this line:

root /path_to_laravel_project/public;

这样做之后，所有Laravel文件将不再可以从浏览器访问.

After doing that, all Laravel files will not be accessible from browser anymore.

这篇关于如何隐藏直接访问的配置文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！