I tried to key my site's domain into the google search engine and was shocked to realize that the application folders that shouldn't be public have been indexed. Folders and files are like composer.json, a vendor directory, storage directory, resources directory among others.

How I set up:

The application is in the public_html directory, the index.php is the entry point and is in the root directory(public_html) The other Laravel application directories remain as they are(the default Laravel 7 directory structure)

CodePudding user response：

The application is in the public_html directory, the index.php is the entry point and is in the root directory(public_html) The other Laravel application directories remain as they are(the default Laravel 7 directory structure)

In a default Laravel installation, there is no index.php in the project directory, only a server.php. If you did any change here, please revert them since it would cause a major security issue.

The only Laravel directory that should be publicly accessible is public.

You are using Apache, it means that the DocumentRoot should be set to /path/to/your/project/public (where public is the Laravel public directory).

This way, every files and directories (app, resources...) above this one will not be accessible.

CodePudding user response：

you should move all your project files to root then copy your files from public to public_html then point topublic_html in Laravel:

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;

public function register()
{
    $this->app->bind('path.public', function() {
        return base_path().'/public_http';
    });
}

Also you can see: How to change public folder to public_html in laravel 5