Laravel 4: how to protect assets folder?
You should set up your application so that everything outside of the initial public
directory is outside of your document root. That's one of the reasons why Laravel actually ships with a public
directory. Typically most people will symlink this directory to the document root. Anything inside public
is, obviously, public. If you'd like your assets directory to be inaccessible you could opt to use htaccess or an index.html
file much like how you've described.
If, for whatever reason, you need to shuffle some things around and have your actual application files within your document root then you'll need to implement some form of security if you see the need. This, again, could either be using htaccess or an index.html
file. Typically a htaccess approach is simpler. If you wanted to protect the app
directory you could drop a .htaccess
file in there that looked something like this.
deny from all
I have provided a similar answer to this type of question here: Laravel image gallery logic
In principle - you should store all your assets outside of public - and use PHP readfile() to securely serve them to users as required.