Laravel Apache hide .env and several security settings via .htaccess & hide .env password on debug

#php #laravel

ON .htaccess Add =

   Options -Indexes

   <Files ~    
    "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
        Order allow,deny
         Deny from all
    </Files>


   <Files ~ "(artisan)$">
       Order allow,deny
       Deny from all
    </Files>

   <Files *.php>
      Order Deny,Allow
      Deny from all
   </Files>

   <Files index.php>
     Order Allow,Deny
     Allow from all
   </Files>

hide .env passwords in Laravel Debug output on config/app.php file add inside return

```
return [

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_POST' => [
        'password',
    ],
],

];

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →