Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hello,
My website is running perfectly in www.mywebsite.com, but I notice people can enter in the URL:
www.mywebsite.com/public
www.mywebsite.com/public/index.php
www.mywebsite.com/server.php
And all links shows my website but without CSS applied. Is there any way I can redirect users to my main URL?
Btw, I use the /public/ folder for JS, CSS & Images, like such:
www.mywebsite.com/public/img/somefile.png
www.mywebsite.com/public/js/somefile.js
www.mywebsite.com/public/css/somefile.css
And I want to maintain that.
This is my root .htaccess:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Remove www
RewriteCond %{HTTP_HOST} ^www.mywebsite.com$ [NC]
RewriteRule ^(.*)$ https://mywebsite.com [R=301,L]
# Remove http and force https
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [QSA,R,L]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ ^ [N]
RewriteCond %{REQUEST_URI} (\.\w+$) [NC]
RewriteRule ^(.*)$ public/
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ server.php
</IfModule>
And this is my public/.htaccess:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Finally, I'm using a shared hosting.
Thanks.
Main laravel goes above htdocs. You should not need to mess around with htaccess file. Do a search right here myself and many others have answered how to properly set up laravel on shared hosting.
I know it's been answered over a hundred times.
@linesofcode is your website currently live somewhere? Be aware that at this moment your .env file is probably also exposed. So visiting www.yourwebsite.com/.env will probably show you (any anybody who visits that link) your database credentials and login to third party accounts like: email, file storage account (s3), logging, API keys, etc. etc.
So be aware of this.
If you run your own server (vps) you should set your document root correctly in your vhost file (to the public directory and not to the directory with all the laravel code).
If you have shared hosting and do not have the ability to change this you should follow some tutorials about setting up laravel on a shared hosting as jlrdw already said. I do not have any experience with this but a google search on laravel shared hosting should give you some insight.
Dear @click, many other people have question me about the security issues, like the .env file as well as the .log file under the storage.
And I'm gonna tell you what I have told them: no file is available to public. I repeat: no file is available to public.
If I open the browser and type:
www.mywebsite.com/.env I get error 404www.mywebsite.com/storage/logs/laravel.log I get error 404www.mywebsite.com/config/database.php I get error 404And keep in mind that:
.envfile has a file permission of 644
I'm using Laravel 5.7 and my folder structure is the following:
public_html/server.php
public_html/.env
public_html/*.etc files
public_html/public_html/*.etc files
public_html/config/*.etc files
public_html/app/*.etc files
public_html/*.etc folders
Thanks.
Solved.
By editing the file /public_html/public/index.php I can check if the current URL matches my criteria.
In my case whenever the string public is present in the URL it always have two slashes (because of the .htaccess), like:
www.mywebsite.com/public/
With that said, in the top of the file:
if ($_SERVER['REQUEST_URI'] == '/public/')
{
header('location: http://' . $_SERVER['HTTP_HOST']);
exit;
}
That looks like it would only work if they went specifically to yoursite.com/public/, not yoursite.com/public/something-else or yoursite/public/index.php/something-else
@Cronix which is my goal, like I said in my topic.
Btw, I use the /public/ folder for JS, CSS & Images, like such:
- www.mywebsite.com/public/img/somefile.png
- www.mywebsite.com/public/js/somefile.js
- www.mywebsite.com/public/css/somefile.css
And I want to maintain that.
@linesofcode - you are trying to fix a problem with your apache configuration with a php solution. This isn't the correct solution.
To fix this properly you need to amend you virtualhost to set the document route to the absolute path of your public folder within your laravel application.
This will resolve your issue although you will need to look at how you reference your assets as the shouldn't be prefixed with /public/. Look at the default laravel public folder structure. https://github.com/laravel/laravel/tree/master/public
Breaking away from the conventions will make your overall development with the framework more difficult.
However it's your choice but don't be surprised when things like this happen.
@D9705996 like I said in my post:
Finally, I'm using a shared hosting.
You can't set the document root in a shared hosting.
But, if we're gonna talk about breaking the conventions, we should then talk about the necessity of pushing to the public_html folder only the /public folder of Laravel and then create a separate folder far from public_html folder with the actual Laravel code...and to complete edit the .index.php file in order to work properly. (https://www.youtube.com/watch?v=6g8G3YQtQt4)
Doesn't seem like a good solution to me either as it goes against all the conventions of years of coding with other frameworks. The problem increases if I work with sub-folders, such as www.mywebsite.com/project_one, www.mywebsite.com/project_two.
I'm just making my point, not saying what is best or worst.
My JS, CSS, Image and other public files goes all to the /public/ folder, perfectly structured. As the name tells, they are public files, accessed by everyone.
You can't set the document root in a shared hosting.
Yes, that's why most people don't use shared hosting except for dumb simple things like wordpress. You can get your own server fully under your control for less than $10/month. They usually don't give you ssh access on shared hosting either, so automatic deployments are typically a no-go. There's a lot you give up with shared hosting, but you're welcome to stay with a hosting company that doesn't let you have full control over your box if you wish.
On shared hosting, generally you can still just copy the contents of /public into /public_html, and have the rest of laravel above public_html so it's not accessible and just make some minor adjustments to index.php and .htaccess.
public files goes all to the /public/ folder, perfectly structured. As the name tells, they are public files, accessed by everyone.
That's kind of funny that you put it like that. I'd respond with, "as the name tells, public_html are public files, accessed by everyone", too.
@Cronix where can I get those servers under $10/month?
That's kind of funny that you put it like that. I'd respond with, "as the name tells, public_html are public files, accessed by everyone", too.
Thats true. :D
you can usually host files above public_html and then rename your public folder to be public_html.
showing public in all your urls is just bad, bad, bad
@linesofcode - try some of these
https://www.techradar.com/uk/news/the-best-vps-hosting-of-2018
Starting at under $5/month. Not endorsing any particular one but a VPS is clearly available cheap nowadays
Op did not search I guess as there were so many prior answers to proper setup with and without shared hosting so op can do whatever op wants to do.
Almost a Pity some of those prior excellent answers wasn't viewed.
You can't set the document root in a shared hosting.
@linesofcode No, but you change the name of the “public” folder in a Laravel application for this exact reason.
You should never deploy your application’s code to a publicly-accessible folder. For this reason, consider your application compromised and change all passwords and access keys.
You should point your server to public folder. Add '/' before index in .htaccess file.
RewriteRule ^ index.php [L] to
RewriteRule ^ /index.php [L]
Please or to participate in this conversation.