How to hide config files from direct access?

Question

I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/compo

Answer 1

Point your web server to a public directory and restart it.

For Apache you can use these directives:

DocumentRoot "/path_to_laravel_project/public"

Also You Can Deny files in .htaccess too.

Order Allow,Deny
Deny from all

for multiple files you can add above files tag multiple times in .htaccess files.