Best way to block static files when using Bedrock

jdurand · March 19, 2014, 6:12pm

I’m wondering what’s the best way to block acces to files which shouldn’t be public such as :

.env
config (directory)
composer.json
composer.lock
Gemfile
etc.

I could write something in my Capistrano recipe to manually delete the unnecessary files after the composer update task and automatically output the necessary .htaccess rules to block the .env and other config files…

But I assume that this logic is needed by anybody using Bedrock, so It must already be in there somewhere. Isn’t it?

kalenjohnson · March 19, 2014, 6:39pm

If you are using a recent version of Bedrock, everything public is in the “web” directory. Thus, any files like the composer files and .env files are not publicly accessible. Problem solved.

jdurand · March 19, 2014, 7:05pm

Yep, that did the trick.