
Ken Moini


As @searsaw said, this is a massive security risk waiting to be exploited.
I have my Apache VHost pointed to the /www/laravel_app/public directory which of course loads an index.php file. In this index.php file that's located in the public directory, I have a few lines...

require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->run();
$app->shutdown();

Then, in the same public directory my .htaccess is set up as...

<IfModule mod_rewrite.c>
    Options -MultiViews
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Routes work as expected without the public prefix, no access to non-public parts. Could even put an .htaccess in the laravel_app root that explicitly disallows access to the app, bootstrap, and vendor directories, but this method is already secure enough.
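An added example, not part of the original comment: a small Python audit that models the layout described above, comparing a document root set to the application root with one set to the public directory. The sample tree, file names and the function names `resolve`, `exposed_dirs` and `audit` are constructed for illustration, and `resolve` is a simplified model of the two rewrite lines, not Apache's actual request handling.

```python
import os
import tempfile

SENSITIVE = ("app", "bootstrap", "vendor")  # directories named in the comment

def build_sample_app(root):
    """Create a constructed, minimal app tree for the demo (not real code)."""
    for d in SENSITIVE + ("public",):
        os.makedirs(os.path.join(root, d))
    files = {"app/config.php": "<?php // secrets", "bootstrap/start.php": "<?php",
             "vendor/autoload.php": "<?php", "public/index.php": "<?php",
             "public/robots.txt": "User-agent: *"}
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)

def resolve(docroot, url_path):
    """Model the .htaccess: an existing file is served, all else hits index.php."""
    docroot = os.path.realpath(docroot)
    target = os.path.realpath(os.path.join(docroot, url_path.lstrip("/")))
    inside = os.path.commonpath([docroot, target]) == docroot
    if inside and os.path.isfile(target):
        return os.path.relpath(target, docroot)
    return "index.php"  # front controller decides what the route returns

def exposed_dirs(docroot, app_root):
    """Return the sensitive directories that sit inside the document root."""
    docroot = os.path.realpath(docroot)
    hits = []
    for name in SENSITIVE:
        path = os.path.realpath(os.path.join(app_root, name))
        if os.path.isdir(path) and os.path.commonpath([docroot, path]) == docroot:
            hits.append(name)
    return hits

def audit():
    """Compare both document-root choices on the constructed tree."""
    with tempfile.TemporaryDirectory() as app_root:
        build_sample_app(app_root)
        public = os.path.join(app_root, "public")
        return {"docroot_is_app_root": exposed_dirs(app_root, app_root),
                "docroot_is_public": exposed_dirs(public, app_root),
                "static": resolve(public, "/robots.txt"),
                "route": resolve(public, "/users/42"),
                "outside": resolve(public, "/../app/config.php")}

if __name__ == "__main__":
    print(audit())
```

Pointing `exposed_dirs` at a real deployment's document root and application root gives a quick check that app, bootstrap and vendor are not web-reachable.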
