6

I was wondering if someone could shed some light as to why the index.php file for a laravel application lives in the public directory. What are the risks if I were to move it into the root directory instead?

GPicazo
  • 6,516
  • 3
  • 21
  • 24

1 Answers1

6

The files and folders in laravels public folder are meant to be web accessible. For security, all other files and folders in the laravel framework should not be web accessible.

Moving the index.php to laravels root will break the framework and defy best practices.

Follow these instructions to ensure your servers config points to the public directory for DocumentRoot

cborgia
  • 1,399
  • 1
  • 10
  • 10
  • If I change the paths file, everything works fine, so I am worried about breaking the framework. I am also familiar with setting up the virtual host or symlink. My question, I think is more about the best practices part; why is it best practice to put the main index inside the public folder? What are the consequences of moving it? If it was so bad, why do most other frameworks put it at the root? – GPicazo Sep 29 '12 at 16:48
  • Moving your index.php (and subsequently the docroot) above the `public` directory means all of your application's code is publicly accessible by anyone. Yes, some other frameworks put it in the root, but there are also tradeoffs. CodeIgniter for instance adds a line to the top of all files that kills the script if `BASEPATH` isn't defined. Laravel avoids those hacks by keeping everything inaccessible to the web server. – Dave S Oct 01 '12 at 16:21
  • I think it's more *common* practice than it is *best* practice. I have never tried moving it myself. Nonetheless, and just to make sure that users don't 'assume' there is such a file, I just rename it. Even though there are rewrite rules. For separation of outcomes (note: not concerns), I would move it into the system root, and let Apache call it from there. Then, leave all your static resources in the public root. Makes more sense to me. – Mike Rockétt Oct 02 '12 at 04:46
  • @cborgia Instruction link doesn't exist anymore! – Suriyaa May 09 '17 at 14:02