Teddy Zugana

Laravel on Apache: hide .env and apply several security settings via .htaccess, and hide .env passwords in debug output

In `.htaccess`, add:

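```apache
# Disable directory listings
Options -Indexes

# Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it.

# Block direct access to environment, dependency and repository metadata files
<Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
    Order allow,deny
    Deny from all
</Files>

# Block the artisan CLI script
<Files ~ "(artisan)$">
    Order allow,deny
    Deny from all
</Files>

# Deny every PHP file...
<Files *.php>
    Order Deny,Allow
    Deny from all
</Files>

# ...except the front controller
<Files index.php>
    Order Allow,Deny
    Allow from all
</Files>
```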
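To see which files these `<Files>` rules actually cover, the following added example (not part of the original post) models them in Python and lists the files a document root would still serve. It assumes that `<Files>` tests only the file's basename and that the last matching section decides; the sample file list is constructed.

```python
import fnmatch
import os
import re

# The page's rules, in file order: (kind, pattern, verdict).
RULES = [
    ("regex", r"\.(env|json|config.js|md|gitignore|gitattributes|lock)$", "deny"),
    ("regex", r"(artisan)$", "deny"),
    ("glob", "*.php", "deny"),
    ("glob", "index.php", "allow"),
]


def verdict(path):
    """Return 'deny' or 'allow' for a path; <Files> tests only the basename."""
    name = os.path.basename(path)
    result = "allow"  # no matching section: Apache serves the file
    for kind, pattern, outcome in RULES:
        hit = (re.search(pattern, name) is not None if kind == "regex"
               else fnmatch.fnmatchcase(name, pattern))
        if hit:
            result = outcome  # assumption: the last matching section wins
    return result


def still_served(paths):
    """Paths that the rules above do not block."""
    return [p for p in paths if verdict(p) == "allow"]


def audit_tree(root):
    """Walk a real document root and list every file left reachable."""
    found = []
    for folder, _dirs, files in os.walk(root):
        found += [os.path.join(folder, f) for f in files]
    return still_served(found)


# Constructed sample listing of a project root (not from the page).
SAMPLE = [
    ".env", ".env.example", ".env.bak", "composer.json", "composer.lock",
    "artisan", "index.php", "server.php", "webpack.config.js", "README.md",
    "phpunit.xml", "storage/logs/laravel.log",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{verdict(p):5}  {p}")
```

Run `audit_tree()` against the deployed document root and add a rule for anything in the result that should not be public; the pattern is anchored at the end of the name, so copies such as `.env.bak` are not covered by it.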

To hide `.env` passwords in Laravel's debug output, add the following inside the `return` array in `config/app.php`:

```
return [

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_POST' => [
        'password',
    ],
],
];
```
