How to protect .env file in Laravel

甜味超标 2021-01-11 11:30

I moved my project to HOST, but I can still access .env at the address mysite.com/.env, and it displays this file with all variables and secure data. My .env file:

         


        
6 answers
  • 2021-01-11 11:30
    1. Move everything except the Public folder to a higher level, such as a folder named laravel - http://prntscr.com/bryvu7

    2. Change file public_html/index.php line

        require __DIR__.'/../bootstrap/autoload.php';

    to

        require __DIR__.'/../laravel/bootstrap/autoload.php';

    And line

        $app = require_once __DIR__.'/../bootstrap/app.php';

    to

        $app = require_once __DIR__.'/../laravel/bootstrap/app.php';
        $app->bind('path.public', function() {
            return __DIR__;
        });

    3. Change file laravel/server.php line

        require_once __DIR__.'/public/index.php';

    to

        require_once __DIR__.'/index.php';

    0 Discussion (0)
  • 2021-01-11 11:37

    I have tried the following steps to deploy Laravel on shared hosting.

    1 - Edit /etc/apache2/apache2.conf on Ubuntu. Please check the appropriate file on other operating systems.

        <Directory /var/www/>
                Options Indexes FollowSymLinks
                # Changed from None to All
                AllowOverride All
                Require all granted
        </Directory>

    2 - Enable mod_rewrite: sudo a2enmod rewrite

    3 - Edit or create .htaccess in the root (Public html folder)

        # Deny access to environment, config and metadata files
        <Files ~ "\.(env|json|config.js|md|xml|gitignore|gitattributes|lock|editorconfig|yml|styleci.yml)$">
            Order allow,deny
            Deny from all
        </Files>
        # Disable directory listings
        Options -Indexes
        <Files ~ "(artisan|package.json|webpack.mix.js)$">
            Order allow,deny
            Deny from all
        </Files>

    4 - Restart the Apache server: sudo service apache2 restart

    Note: The first two steps are used only on my own PC.

    0 Discussion (0)
  • 2021-01-11 11:43

    You are probably looking for how to stop .env files from being served on Apache, hence read on.

    Do this in the /etc/apache2/apache.conf file (Ubuntu). After this part of that file

        <FilesMatch "^\.ht">
        Require all denied
        </FilesMatch>

    add the code below

        # Hide a specific file
        <Files .env>
            Order allow,deny
            Deny from all
        </Files>

    Then restart your Apache server with sudo service apache2 restart and enjoy!

    0 Discussion (0)
  • 2021-01-11 11:50

    Create a .htaccess file in your root directory and put the following code in it.

        # Disable index view
        Options -Indexes

        # Hide a specific file
        <Files .env>
            Order allow,deny
            Deny from all
        </Files>

    0 Discussion (0)
  • 2021-01-11 11:50

    You should change the permissions of all folders in your app to 741, except bootstrap, storage and public (755).

    0 Discussion (0)
  • 2021-01-11 11:51

    In my case, when I hosted my project on shared hosting, my .env file was accessible. My folder structure was like this:

        Root
        |+ App
        | App
        | config
        | Database
        | Routes
        | Storage
        | .env
        | ...
        | index.php
        | .htaccess
        |+ css
        |+ js

    My .env file was accessible via website.com/app/.env

    Solution: Put all your public content in a folder named public and change the document root path in settings [don't forget to change the app.php path in the index.php file]

        |+app
        |+public

    The bootstrap.php file path should be like this: /../app/vendor/autoload.php & /../app/bootstrap/app.php

    0 Discussion (0)
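
A way to confirm that any of the fixes in the answers above actually took effect, as an added example that is not code from the question or from any answer: it requests the two .env locations reported on this page and inspects the body, because a catch-all page can answer 200 without serving the file. The host names and sample responses are constructed, and the function names are this example's own.

```python
import re
import urllib.error
import urllib.request

# Paths the question and the last answer report as reachable.
ENV_PATHS = [".env", "app/.env"]
KEY_VALUE = re.compile(r"^\s*(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=")


def looks_like_dotenv(body):
    """True when most non-blank, non-comment lines are KEY=VALUE pairs."""
    lines = [ln for ln in body.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    hits = sum(1 for ln in lines if KEY_VALUE.match(ln))
    return bool(lines) and hits * 2 > len(lines)


def http_fetch(url, timeout=5):
    """Return (status, first 64 KiB of body); 4xx/5xx do not raise."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, fetch=http_fetch, paths=ENV_PATHS):
    """Map each path to 'exposed', 'served-other' (200, not dotenv) or 'blocked'."""
    verdicts = {}
    for path in paths:
        status, body = fetch(base_url.rstrip("/") + "/" + path)
        if status != 200:
            verdicts[path] = "blocked"
        elif looks_like_dotenv(body):
            verdicts[path] = "exposed"
        else:
            verdicts[path] = "served-other"
    return verdicts


# Constructed responses standing in for a site before and after the fix.
CONSTRUCTED = {
    "http://before.example/.env":
        (200, "APP_ENV=production\n# db\nDB_PASSWORD=placeholder\n"),
    "http://before.example/app/.env": (404, ""),
    "http://after.example/.env": (403, ""),
    "http://after.example/app/.env": (200, "<html><body>Not found</body></html>"),
}

if __name__ == "__main__":
    for site in ("http://before.example", "http://after.example"):
        print(site, audit(site, fetch=CONSTRUCTED.__getitem__))
```

Against a real deployment, call `audit("https://your-site.example")` with the default `fetch`; any path reported as `exposed` means the secrets in that file should be rotated after the fix is applied.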