Laravel Apache hide .env and several security settings via .htaccess & hide .env password on debug
Teddy Zugana
Posted on June 25, 2021
ON .htaccess Add =
Options -Indexes
<Files ~
"\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
Order allow,deny
Deny from all
</Files>
<Files ~ "(artisan)$">
Order allow,deny
Deny from all
</Files>
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
hide .env passwords in Laravel Debug output on config/app.php file add inside return
```
return [
'debug_blacklist' => [
'_ENV' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_SERVER' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_POST' => [
'password',
],
],
];
💖 💪 🙅 🚩
Teddy Zugana
Posted on June 25, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
webdev Introducing Laravel Nightwatch: A New Age of Monitoring Your Laravel Apps ✨
November 27, 2024