Geek Answers Handbook

How to protect .env laravel file

I transfer my project to HOST, but I can access .env with the address mysite.com/.env and display this file with all the variables and protected data. my .env file is:

    APP_ENV=local
APP_DEBUG=true
APP_KEY=base64:xxxxxxx
APP_URL=http://localhost

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=xx
DB_USERNAME=xx
DB_PASSWORD=secret

CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null

How can I hide this file? And is this a logical decision?

note: (I move the shared folder of all files to the root directory.)

+4
source share
4 answers

Create a .htaccess file in the root directory and put the following code.

#Disable index view
options -Indexes

#hide a Specifuc File

<Files .env>
order allow,deny
Deny from all
</Files>
+5
source

  • Everything except the shared folder to go to a higher level, for example, to the laravel folder - http://prntscr.com/bryvu7

  • Edit publi_html / index.php file Line

    require __DIR__.'/../bootstrap/autoload.php';

to

require __DIR__.'/../laravel/bootstrap/autoload.php';

And the line

$app = require_once __DIR__.'/../bootstrap/app.php';

to

$app = require_once __DIR__.'/../laravel/bootstrap/app.php';
$app->bind('path.public', function() {
    return __DIR__;
});

  1. Modify laravel / server.php line file

    require_once __DIR__.'/public/index.php';

to

require_once __DIR__.'/index.php';
+2

741, , public (755).

0

, , , .env , Apache, .

/etc/apache2/apache.conf - Ubuntu.
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

# Hide a specific file
<Files .env>
    Order allow,deny
    Deny from all
</Files>

apache sudo service apache2 restart !

0

More articles:


All Articles