craftcms/cms

craft root files are publicly visible and accessible [4.x]:

dhirajsah opened this issue · 4 comments

What happened?

Description

Craft root files like .env, composer.json, web.config, etc. are publicly visible and accessible.

How can we hide them and set them to not be public, as they contain crucial information about the project?

Need a little help and guidance on the same.

--
Thanks

Craft CMS version

Craft Pro 4.9.7

PHP version

8.3.8

Operating system and version

WINNT 10.0

Database type and version

MySQL 8.3.0

Image driver and version

GD 8.3.8

Installed plugins and versions

@dhirajsah this sounds more like a server configuration issue, rather than a Craft issue. Did you follow the requirements?

  1. Did you make sure your webserver is pointing only to the web directory, and has no access to the higher level folders? (This fixes the .env and composer.json access.)
  2. Do you use IIS? If not, web.config is only there for IIS, and shouldn't be in an NGINX or Apache powered server.

Craft is a tool, but in the end you are still responsible for your own server config.

Yeah we recommend that you set the web folder as your web root, which is below the project root where your .env file lives, etc.

@michtio thanks for the reply.

Yes, I did follow the requirements; also yes, it's not a Craft issue or bug, I just needed help in this case.

I am running Craft on my localhost using WampServer, on Windows OS.

I am not using IIS.
My Craft location is as below. Can you please guide me on how to arrange the folders? Actually, I am new to Craft and still learning.

http://localhost/craft-cms/brandsource/web/


@dhirajsah I would advise you follow the recommended way of setting up Craft CMS locally, as described in the docs: https://craftcms.com/docs/5.x/install.html
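
The point made in the replies above, shown as an added example (not part of the thread and not Craft's own code): a local check that lists which of the files named in the issue a web server would serve for a given document root. The function names, the file list and the constructed sample layout (modelled on the `craft-cms/brandsource/web/` path in the thread) are assumptions.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the issue; treating exactly these as sensitive is an assumption.
SENSITIVE = {".env", "composer.json", "web.config"}


def exposed_files(docroot):
    """Return sorted URL paths of sensitive files located at or below docroot."""
    root = Path(docroot)
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name in SENSITIVE:
                rel = Path(dirpath, name).relative_to(root)
                hits.append("/" + rel.as_posix())
    return sorted(hits)


def build_sample_project(base):
    """Create a constructed layout: <base>/craft-cms/brandsource/{.env,composer.json,web/}."""
    project = Path(base, "craft-cms", "brandsource")
    (project / "web").mkdir(parents=True)
    (project / ".env").write_text("SAMPLE_SECRET=constructed-value\n")
    (project / "composer.json").write_text("{}\n")
    (project / "web" / "index.php").write_text("<?php\n")
    return project


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as www:
        project = build_sample_project(www)
        # Document root above the project: root files are reachable by URL.
        print("docroot = www dir:", exposed_files(www))
        # Document root set to web/: nothing above it can be requested.
        print("docroot = web/   :", exposed_files(project / "web"))
```

Run it against the real document root configured in the web server; an empty list means none of the named files sit inside the served tree.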