DEV Community

Teddy Zugana
Teddy Zugana

Posted on • Edited on

Laravel Apache hide .env and several security settings via .htaccess & hide .env password on debug

#php #laravel

ON .htaccess Add =

   Options -Indexes

   <Files ~    
    "\.(env|json|config.js|md|gitignore|gitattributes|lock)$">
        Order allow,deny
         Deny from all
    </Files>


   <Files ~ "(artisan)$">
       Order allow,deny
       Deny from all
    </Files>

   <Files *.php>
      Order Deny,Allow
      Deny from all
   </Files>

   <Files index.php>
     Order Allow,Deny
     Allow from all
   </Files>
Enter fullscreen mode Exit fullscreen mode

hide .env passwords in Laravel Debug output on config/app.php file add inside return

```
return [

'debug_blacklist' => [
    '_ENV' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_SERVER' => [
        'APP_KEY',
        'DB_PASSWORD',
        'REDIS_PASSWORD',
        'MAIL_PASSWORD',
        'PUSHER_APP_KEY',
        'PUSHER_APP_SECRET',
    ],
    '_POST' => [
        'password',
    ],
],
Enter fullscreen mode Exit fullscreen mode

];
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

Read next

lithephp profile image

Creating a CRUD Application with PHP, MySQL, and Lithe

Lithe -

nasrulhazim profile image

🎉 Introducing Traitify – Simplifying Laravel Development with Reusable Traits and Contracts 🎉

Nasrul Hazim Bin Mohamad -

sertxudev profile image

Filament: Delete Attachments when Deleting a Record

Sergio Peris -

robertobutti profile image

Using Twig for rendering Markdown with PHP

Roberto B. -