I am using Laravel for web app. Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://domain.com/composer.json
How to avoid that direct access?
You're using wrong web server configuration. Point your web server to a
public directory and restart it.
For Apache you can use these directives:
DocumentRoot "/path_to_laravel_project/public" <Directory "/path_to_laravel_project/public">
For nginx, you should change this line:
After doing that, all Laravel files will not be accessible from browser anymore.