DEV Community

Teddy Zugana

Laravel on Apache: hide .env and apply several security settings via .htaccess, and hide .env passwords in debug output

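Add the following to .htaccess:

```
# Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 accepts it only with
# mod_access_compat (native form: Require all denied / Require all granted).

# Disable automatic directory listings
Options -Indexes

# Block direct requests for environment, dependency and repository metadata files
<Files ~ "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
    Order allow,deny
    Deny from all
</Files>

# Block the artisan command-line entry point
<Files ~ "(artisan)$">
    Order allow,deny
    Deny from all
</Files>

# Deny every PHP file by default...
<Files *.php>
    Order Deny,Allow
    Deny from all
</Files>

# ...then allow only the front controller
<Files index.php>
    Order Allow,Deny
    Allow from all
</Files>
```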
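As an added example (not part of the original post), the script below models how the four Files sections above classify a requested file name, so the rule set can be checked against a project's file list before deployment. The sample paths are constructed, and treating the last matching section as the one that decides is a simplifying assumption about how Apache merges these directives.

```python
import fnmatch
import re

# Rules transcribed from the .htaccess above, in file order.
# "regex" stands for <Files ~ "...">, "glob" for <Files pattern>.
RULES = [
    ("regex", r"\.(env|json|config.js|md|gitignore|gitattributes|lock)$", "deny"),
    ("regex", r"(artisan)$", "deny"),
    ("glob", "*.php", "deny"),
    ("glob", "index.php", "allow"),
]


def verdict(request_path, rules=RULES):
    """Return 'deny' or 'allow' for a requested path.

    Simplified model (assumption): <Files> sees only the last path
    component, and the last matching section decides the outcome.
    """
    basename = request_path.rsplit("/", 1)[-1]
    result = "allow"  # no section matched, so the file is served
    for kind, pattern, outcome in rules:
        if kind == "regex":
            matched = re.search(pattern, basename) is not None
        else:
            matched = fnmatch.fnmatchcase(basename, pattern)
        if matched:
            result = outcome
    return result


def audit(paths):
    """Map every path to its verdict so that uncovered names stand out."""
    return {path: verdict(path) for path in paths}


# Constructed sample: names that commonly sit in or under a Laravel root.
SAMPLE_PATHS = [
    ".env", "composer.json", "composer.lock", "README.md", "artisan",
    "server.php", "index.php", "vendor/autoload.php",
    ".env.backup", "storage/logs/laravel.log",
]

if __name__ == "__main__":
    for path, outcome in audit(SAMPLE_PATHS).items():
        print(f"{outcome:5}  {path}")
```

In the sample run, .env.backup and laravel.log come back as allow because the first pattern is anchored to the listed extensions only. Files like these need their own rule or should be kept outside the document root.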

To hide .env passwords in Laravel's debug output, add the following inside the returned array in config/app.php:

```
return [

    // Keys listed under each superglobal are masked on the debug error page.
    // Recent Laravel versions name this option 'debug_hide'; check the
    // configuration docs for your release.
    'debug_blacklist' => [
        '_ENV' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_SERVER' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_POST' => [
            'password',
        ],
    ],

];
```
