# Deny direct access to everything in the app root.
# Only the public/ directory should be served by the web server.
# On cPanel: point your domain's Document Root to the /public subdirectory.

# Skipped entirely when mod_rewrite is not loaded; in that case only the
# access rules further down in this file apply.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Internally rewrite every request path to the same path under public/.
    # This is not an external redirect (no R flag), so the client URL is
    # unchanged; [L] stops rule processing for this pass.
    # NOTE(review): the pattern also matches paths that already begin with
    # public/ - presumably public/ has its own .htaccess with rewrite rules so
    # this rule is not applied a second time there; confirm.
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

# Fallback for when the rewrite above is not in effect (Document Root already
# set to /public, or mod_rewrite unavailable): refuse every request that is
# authorized against this directory, so app-root files are never served.
# NOTE(review): Order/Deny is Apache 2.2 access-control syntax. On Apache 2.4
# it is only accepted when mod_access_compat is loaded; the native 2.4 form is
# "Require all denied". Confirm which server versions this file must support.
# NOTE(review): access rules set here are inherited by subdirectories, so
# public/ presumably grants access again in its own .htaccess - confirm, since
# otherwise this deny would also cover requests rewritten into public/.
Order deny,allow
Deny from all
