Joined August 2013
·
kenmoini

Ken Moini

Tennessee
·
·
·

Posted to Make Laravel(4) work without `public/` in the URL over 1 year ago

As @searsaw said, this is a massive security risk waiting to be exploited.
I have my Apache VHost pointed to the /www/laravel_app/public directory which of course loads an index.php file. In this index.php file that's located in the public directory, I have a few lines...

require __DIR__.'/../bootstrap/autoload.php';
$app = require_once __DIR__.'/../bootstrap/start.php';
$app->run();
$app->shutdown();

Then, in the same public directory my .htaccess is setup as...

<IfModule mod_rewrite.c>
    Options -MultiViews
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Routes work as expected without the public prefix, no access to non-public parts. Could even put an .htaccess in the laravel_app root that explicitly disallows access to the app, bootstrap, and vendor directories, but this method is already secure enough.

Achievements
62 Karma
6,703 Total ProTip Views
Nephila Komaci 3
Have at least three original repos where PHP is the dominant language
Forked
Have a project valued enough to be forked by someone else
Nephila Komaci
Have at least one original repos where PHP is the dominant language
Interests & Skills
PHP
CSS
JavaScript
mySQL
SQLite
MariaDB
HTML5
CSS3
JS
jQuery
AJAX
XML
Python
Perl
Bash
Open Source