Thursday, July 18

How Do You Protect .env File From Public ?

How Do You Protect env File From Public :-If your are a developer and developing any app on laravel or Symfony then you certainly is familier with a file named as .env file  which is present in your root folder of laravel or Symfony directory. We use this file to store secret information about our app including app_key , database connection, payment gateway information or mailer information etc. Or to put in simple words we do not want anyone unauthorised person to have access to this .env file. So how to proetct .env file from public access?

How Do You Protect env File From Public

Protect env file

Protect env file

In simple words your env is accessible from out side world using the following lines when you type them in google search engine you will get certain result as follows:-

DB_USERNAME filetype:env
APP_DEBUG filetype:env
DB_PASSWORD filetype:env

And so on..

Example result on Google

Example result on Google

The reason for these unsecured .env files can be :-

  1. Misconfigured Shared Hosting
  2. The .env file has the wrong access rights

Shared Hosting

To configure your shared hosting for .env file make sure that only the public folder is accessible form outside and not anything of your root folder can not be accessed from outside. If you are techanical enough to change these setting on your own then good otherwise Go for VPS.

Wrong Access Rights For .env

One of the reson for unsecured .env could be the wrong access rights for your .env file. Make sure that CHMOD for your .env file should be 400 or 440 so that it can not be accessed from outside the public folder.

One of the way to avoid .env access is to use htaccess as follows:-

Create .htaccess file in your Root Directory and put following Code.

#Disable index view
options -Indexes
#hide a Specifuc File
<Files .env>
order allow,deny
Deny from all


Also, protect dot files with this

# Block access to dot file
location ~ /. {
    deny  all;

These should all be quite obvious things, that you usually do not have to deal with — but since it comes up on Google, I thought it will be worth writing about this. If you really liked this article then comment below and let us have  a chit chat on the topic. Cheers ! Happy Coding

Article Source :

The post How Do You Protect .env File From Public ? appeared first on Laravel Interview Questions.


0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x