Question
I moved my project to a host, but I can access .env at the address mysite.com/.env, and it displays this file with all variables and secure data. My .env file:
APP_ENV=local
APP_DEBUG=true
APP_KEY=base64:xxxxxxx
APP_URL=http://localhost
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=xx
DB_USERNAME=xx
DB_PASSWORD=secret
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
MAIL_DRIVER=smtp
MAIL_HOST=mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
How can I hide this file? And is this the logical solution?
Note: (I moved all files from the public folder into the root directory.)
Answer 1:
Create a .htaccess file in your root directory and put the following code in it.
# Disable index view
Options -Indexes
# Hide a specific file
<Files .env>
order allow,deny
Deny from all
</Files>
Answer 2:
Move everything except the public folder one level up, for example into a folder named laravel - http://prntscr.com/bryvu7
In the file public_html/index.php, change the line
require __DIR__.'/../bootstrap/autoload.php';
to
require __DIR__.'/../laravel/bootstrap/autoload.php';
And line
$app = require_once __DIR__.'/../bootstrap/app.php';
to
$app = require_once __DIR__.'/../laravel/bootstrap/app.php';
$app->bind('path.public', function() {
    return __DIR__;
});
In the file laravel/server.php, change the line
require_once __DIR__.'/public/index.php';
to
require_once __DIR__.'/index.php';
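A deployment check for the layout this answer aims for, added here as an example and not part of the original answer: it reports Laravel files that sit inside the directory the web server serves, and flags the APP_DEBUG=true and APP_ENV=local values shown in the question's .env. The function names and the list of sensitive paths are assumptions chosen for illustration.

```python
import os
import sys

# Assumed list of Laravel project entries that belong above the document root;
# only the contents of public/ (index.php and static assets) should be served.
SENSITIVE = (".env", "artisan", "composer.json", "composer.lock",
             "bootstrap", "storage", "vendor", "config", "database")

# .env settings that are unsafe on a public host (the question's file has both).
RISKY_ENV = {"APP_DEBUG": "true", "APP_ENV": "local"}


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip('"\'')
    return values


def audit_docroot(docroot):
    """Return a list of findings for the directory the web server serves."""
    findings = []
    for name in SENSITIVE:
        if os.path.lexists(os.path.join(docroot, name)):
            findings.append(f"{name} is inside the document root")
    env_path = os.path.join(docroot, ".env")
    if os.path.isfile(env_path):
        with open(env_path, encoding="utf-8", errors="replace") as fh:
            env = parse_env(fh.read())
        for key, bad in RISKY_ENV.items():
            if env.get(key, "").lower() == bad:
                findings.append(f".env sets {key}={bad}")
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    problems = audit_docroot(root)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

Run it with the path the web server uses as its document root; a non-zero exit status means at least one finding.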
Answer 3:
You are probably looking for how to stop .env files from being served on Apache, so read on.
Do this in the /etc/apache2/apache.conf file (Ubuntu). After this part of that file:
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
add the code below:
# Hide a specific file
<Files .env>
Order allow,deny
Deny from all
</Files>
Then restart your Apache server with sudo service apache2 restart and enjoy!
Answer 4:
You should change the permissions of all folders in your app to 741, except bootstrap, storage and public (755).
Source: https://stackoverflow.com/questions/38331397/how-protect-env-file-laravel