DEV Community

Teddy Zugana
Teddy Zugana

Posted on • Updated on

Laravel Apache hide .env and several security settings via .htaccess & hide .env password on debug

#php #laravel

ON .htaccess Add =

   Options -Indexes

   <Files ~    
    "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
        Order allow,deny
         Deny from all
    </Files>


   <Files ~ "(artisan)$">
       Order allow,deny
       Deny from all
    </Files>

   <Files *.php>
      Order Deny,Allow
      Deny from all
   </Files>

   <Files index.php>
     Order Allow,Deny
     Allow from all
   </Files>
Enter fullscreen mode Exit fullscreen mode

hide .env passwords in Laravel Debug output on config/app.php file add inside return

```
return [

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_POST' => [
        'password',
    ],
],
Enter fullscreen mode Exit fullscreen mode

];
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

mdarifulhaque profile image

2583. Kth Largest Sum in a Binary Tree

MD ARIFUL HAQUE -

arafatweb profile image

A Simple Guide to Domain-Driven Design (DDD) in Laravel

Arafat Hossain Ar -

xxzeroxx profile image

PHP Design Patterns: Facade

Antonio Silva -

mdarifulhaque profile image

1593. Split a String Into the Max Number of Unique Substrings

MD ARIFUL HAQUE -