How to protect your .env file from public access in Laravel?
How to secure .env file in laravel
If you are a developer and developing an app on Laravel or Symfony then you certainly are familiar with a file named as .env file which is present in your root folder of Laravel or Symfony directory. We use this file to store secret information about our app including app_key, database connection, payment gateway information or mailer information etc. Or to put in simple words we do not want anyone unauthorized person to have access to this .env file. So how to protect .env file from public access?
How Do You Protect env File From Public
In simple words your env is accessible from the outside world using the following lines when you type them in the google search engine you will get the certain result as follows:-
DB_USERNAME filetype:env
APP_DEBUG filetype:env
DB_PASSWORD filetype:env
And so on..
The reason for these unsecured .env files can be:-
- Misconfigured Shared Hosting
- The .env file has the wrong access rights
Shared Hosting
To configure your shared hosting for .env file make sure that only the public folder is accessible from outside and not anything of your root folder can not be accessed from outside. If you are technical enough to change these setting on your own then good otherwise Go for VPS.
Wrong Access Rights For .env
One of the reasons for unsecured .env could be the wrong access rights for your .env file. Make sure that CHMOD for your .env file should be 400 or 440 so that it can not be accessed from outside the public folder.
One of the ways to avoid .env access is to use htaccess as follows:-
Create .htaccess file in your Root Directory and put the following Code.
#Disable index view
options -Indexes
#hide a Specifuc File
<Files .env>
order allow,deny
Deny from all
</Files>
Also, protect dotfiles with this
# Block access to dot file
location ~ /. {
deny all;
}
These should all be quite obvious things, that you usually do not have to deal with?—?but since it comes up on Google, I thought it will be worth writing about this. If you really liked this article then comment below and let us have a chit chat on the topic. Cheers! Happy Coding
This post is submitted by one of our members. You may submit a new post here.
- What is reverse routing in Laravel?
- Installing soap module on PHP 7 ubuntu
- Generating application key in Lumen
- How to get user details by id or email in Laravel?
- Sending data to view using redirect in Laravel?
- Installing Laravelcollective/html package in laravel 5.5
- How to Clear cache in Laravel?
- What does "composer dump-autoload" do?
- Rollback all migrations in Laravel
- Active Record Implementation in Laravel?
- Call to a member function connection() on null Laravel Lumen
- How to check current installed version of Laravel ?
- How to assign multiple middleware to Laravel route ?
- How to resolve phpunit/phpunit 5.7.8 requires ext-dom * error while installing Laravel 5
- Reading writing and deleting a File from disk or filesystem in Laravel 5
- How to resolve MassAssignment Exception _token error in Laravel 5?
- How to enable query log in Laravel?
- How to get records between two date in Laravel using eloquent
- What are named routes in Laravel?
- How to run Laravel Development server?
- Laravel Http to https
- Paginating records in Laravel
- Cross-Origin Request Blocked error in Laravel 5
- Call to undefined function csrf_field()
- Create image from base64 string laravel
- Difference between –prefer-dist and –prefer-source options in composer
- How to secure .env file in Laravel
- Non-static method should not be called statically Laravel
- Function to get excerpt from Laravel string
- Laravel: Sanitize Request Input by using Sanitizing Middleware
- Method spoofing in Laravel
- Changing storage path permission in Laravel
- What is the purpose of the Eloquent cursor() method in Laravel
- How to use custom table in Laravel Model?
- Using Session in Laravel
- Class ‘DB’ not found in Lumen
- Ajax code to delete file in laravel
- DB prefix in Lumen Framework.
- Installing specific version of Laravel with Composer
- Step by step guide to display wordpress posts in Laravel 5
- findorFail method in Laravel
- Laravel get ip address
- Image Manipulation in Laravel 5
- Using multiple Where clause Query in Laravel.
- Laravel migration change column type
- What new in Laravel 6
- PHP Artisan
- PHP artisan migrate command
- Run raw query in Laravel.
- php artisan serve not working
- php artisan serve stop
- Laravel phone number validation
- Laravel get server ip
- Where not in Laravel
- How to create zip files in Laravel?
- Creating zip of multiple files and download in Laravel.
- Laravel get data from database by id.
- List some official packages provided by Laravel.
- Service providers in Laravel
- How to enable maintenance mode in Laravel 5?
- Getting Random rows in Laravel Eloquent.
- IN query in Laravel Eloquent
- Disabling timestamps in Laravel Eloquent
- Explain migrations in Laravel? How can you generate migration.
- Read and Write Cookie in Laravel 5
- Adding Multiple Order By clause in Laravel
- Disabling error handler in laravel
- What happens when AUTO_INCREMENT reaches the maximum value?
- What is an Initialization function in PHP?
- clear-compiled Command in Laravel
- PHP artisan optimize command
- Laravel delete migration
- sqlstate hy000 error 2002 laravel
- How to get all records in Laravel?
- Laravel get logged in user data
- Get user id laravel blade
- Check user type in laravel
- Laravel run artisan command from controller
- php artisan serve
- Laravel Admin Panel - Fjord
- Laravel Socialite : Authentification OAuth avec Google, Facebook et Github (Social login)
- Laravel : Importer, exporter les données en Excel ou CSV avec spatie/simple-excel
- Laravel : Générer un QR code avec simple-qrcode
- Magni omnis omnis qu
- Installer Vue.js dans un projet Laravel
- Laravel - Vue.js : Uploader un fichier avec une barre de progression
- Installer Bootstrap 5 via npm et laravel Mix dans un projet un Laravel
- Screencast : Installer Bootstrap 5 via npm et laravel Mix dans un projet Laravel
- Laravel : importer et exporter une collection en Excel avec Fast Excel
- asd
- Laravel Livewire : liste déroulante pour choix de pays et ville
- TEstd
- Route controller
- Anim et nostrud plac
Laravel interview Questions © 2019 - Designed by PSD to HTML