-2

I have uploaded all Laravel files to hosting. Now I can call .env file directly by URL and get configuration setting.

How can I hide this and forbid?

Dev
  • 1,013
  • 7
  • 15
  • 37
  • 1
    Your `.env` file should be ideally in a directory not accessible to the public, usually, the `app` directory is one directory above `public`. However, you should be able to restrict access to this file using `.htaccess` – Jonathon Aug 20 '16 at 21:59

1 Answers1

3

Your .env file should be ideally in a directory not accessible to the public, usually, it's in the directory above public.

However, you should be able to restrict access to this file using .htaccess. I think you can do something like this to achieve it (Not tested it):

<Files ".env">
Order Allow,Deny
Deny from all
</Files>
Jonathon
  • 15,873
  • 11
  • 73
  • 92