How to hide config files from direct access?

Question

I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/compo

Answer 1

Point the web server to the public directory in the project's root folder

project root folder/public

but if you don't have the public folder and you are already pointing to the root folder, you can deny access by writing the following code in .htaccess file.

Order Allow,Deny
Deny from all
Allow from 127.0.0.1

in the above code, first we are denying from all and allowing only from the own server (localhost to the server) to get executed, and hence we can protect it from outside users.