How to remove access .env for Laravel project

After uploading a site in live server, if you have removed the /public from URL then their will be a problem.

Problem is:

Now if someone tries to hit your_site_url/.env   then, he can download that .env file.

So, we need to stop that.



Here’s the process:

In the root folder you may have a .htaccess file. Just add the above code there inside .httaccess.

<Files .env>
order allow,deny
Deny from all
</Files>

So, for your Laravel project full .httaccess file will be like-

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.gif|robots\.txt)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(css|js|images)/(.*)$ public/$1/$2 [L,NC]

#Disable index view
options -Indexes

#hide a Specific File

<Files .env>
order allow,deny
Deny from all
</Files>
Maniruzzaman Akash

Maniruzzaman Akash

Maniruzzaman Akash is a freelance web developer with most popular Laravel PHP frameork and Vue JS

Leave a Reply

Your email address will not be published. Required fields are marked *