如何隐藏直接访问的配置文件? [英] How to hide config files from direct access?
问题描述
我正在将Laravel用于Web应用程序.上传了生产中的所有内容,发现其中的某些文件可以通过url直接访问-例如 http://example. com/composer.json
I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json
如何避免这种直接访问?
How to avoid that direct access?
推荐答案
您使用的Web服务器配置错误.将您的Web服务器指向public
目录,然后重新启动它.
You're using wrong web server configuration. Point your web server to a public
directory and restart it.
对于 Apache ,您可以使用以下指令:
For Apache you can use these directives:
DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">
对于 nginx ,您应更改以下行:
For nginx, you should change this line:
root /path_to_laravel_project/public;
这样做之后,所有Laravel文件将不再可以从浏览器访问.
After doing that, all Laravel files will not be accessible from browser anymore.
这篇关于如何隐藏直接访问的配置文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!