.ENV file is visible

再見小時候 2021-02-19 03:45

I am using Laravel 5.1

I recently uploaded my project to shared hosting, but when I browse to http://siteAddress.com/local/.env my .env file is visible.

4 Answers
  • 2021-02-19 04:14

    Finally I hid .env and disabled the index view of the folder named local. I created a .htaccess in the folder local.

    And here is the code of the .htaccess:

    # Disable index view
    Options -Indexes
    
    # Hide a specific file
    <Files .env>
        Order allow,deny
        Deny from all
    </Files>
    
  • 2021-02-19 04:14

    Please create a .htaccess file where you have the .env file and write the code as shown below:

    # STRONG HTACCESS PROTECTION
    <Files ~ "^.*\.([Ee][Nn][Vv])">
     order allow,deny
     deny from all
     satisfy all
    </Files>
    

    Then try to hit the .env file from the URL; it will not be available and will not show the code inside.

    If you want to remove it from GitHub, please create a new file .gitignore in the same directory and add the line:

    .env
    
  • You can add the code below to the .htaccess file to disable directory listing and restrict access to the .env file:

    # Disable Directory listing
    Options -Indexes
    
    # block files which need to be hidden, specify .example extension of the file
    <Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
        Order allow,deny
        Deny from all
    </Files>
    
  • 2021-02-19 04:22

    The .env file resides outside the public folder, so it should not be visible from the outside world if the server is configured to see the public folder as the document root.

    From the best answer:

    Remember that once your server is configured to see the public folder as the document root, no one can view the files that one level down that folder, which means that your .env file is already protected, as well your entire application. - That is the reason the public folder is there, security. - The only directories that you can see in your browser if you set the document root to the public folder is the folders that are there, like the styles and scripts.

    https://laracasts.com/discuss/channels/general-discussion/how-do-you-protect-env-file-from-public

    Check the folder structure on your hosting and make sure the public folder is the document root.
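
The folder-structure check recommended in the last answer, as an added example that is not part of any answer above: a Python script that lists sensitive files sitting inside a given document root. The `SENSITIVE` name list and the constructed `local/` sample tree (mirroring the URL in the question) are assumptions for illustration.

```python
import os
import tempfile
from pathlib import Path

# Names that should never sit under a web-served directory (assumed list,
# based on the kinds of files the answers above try to block).
SENSITIVE = {".env", ".git", "composer.json", "composer.lock"}

def exposed_paths(docroot):
    """Return sensitive files/dirs located inside docroot, as URL paths."""
    docroot = Path(docroot).resolve()
    hits = []
    for current, dirs, files in os.walk(docroot):
        for name in sorted(dirs + files):
            if name in SENSITIVE or name.startswith(".env."):
                rel = (Path(current) / name).relative_to(docroot)
                hits.append("/" + rel.as_posix())
        # Do not descend into .git; reporting the directory itself is enough.
        dirs[:] = [d for d in dirs if d != ".git"]
    return sorted(hits)

def build_sample_project(base):
    """Constructed Laravel-like tree with the application in 'local/'."""
    base = Path(base)
    for rel in ("local/.env", "local/composer.json", "local/public/index.php",
                "local/public/css/app.css", "local/app/User.php"):
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_project(tmp)
        # Misconfigured: the host serves the whole upload directory.
        print("docroot = site root    ->", exposed_paths(site))
        # Correct: only Laravel's public/ folder is the document root.
        print("docroot = local/public ->", exposed_paths(site / "local" / "public"))
```

An empty result for the directory the host actually serves means none of the listed files are reachable by URL path alone; any hit is a file to move out of the document root or block in `.htaccess`.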
