Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Prevent access to .env file in Apache server?

Tags:

laravel

laravel-5

I'm new in laravel and I know the .env file is used to store database and email credentials. But when I'm opening http://servername/.env the .env file content is shown in browser.

Any chance to protect my database credentials without changing the file name to non-guessable one?

In case I'm using .htaccess to prevent file read, would this have negative effect to the laravel framework?

like image 259
Nikko Avatar asked Oct 17 '25 20:10

Nikko

1 Answers

Please add below code in your .htaccess file. It works also in localhost and Live server.

# Disable Directory listing
Options -Indexes

# block files which needs to be hidden, specify .example extension of the file
<Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
    Order allow,deny
    Deny from all
</Files>
like image 97
Amit-Inex Patel Avatar answered Oct 20 '25 16:10

Amit-Inex Patel

Sign in to Comment

Related questions

Can LaravelSchema::getColumnListing() return columns in order?
How to (group by) date for every day in mysql
Unable to write file at location: to://app.js (Laravel 9 composer update on staging site)
I want to connect to an external DB

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!