Prevent file access URL – htaccess
In this tutorial, we will teach you how you can prevent file access from URL using htaccess. Laravel is one of the most secured PHP frameworks, only if it’s used correctly. It can also be a huge security leak if not utilized properly. One problem I saw with many websites is that they move to production without securing their .env file.
You can always download the latest version of laravel from Github.
This file holds your site’s sensitive information like database passwords, email credentials, API keys, etc. By default, this sensitive information can easily be viewed by accessing the following URL:
https://your_domain/.env
If you see the content of your .env file, it clearly means that your website is open to hackers. To prevent this, open your .htaccess file and add the following highlighted code:
<IfModule mod_rewrite.c>
<FilesMatch .env|.env.example>
order allow,deny
deny from all
</FilesMatch>
...
</IfModule>
Now the .env file will be secured from the URL. You can refresh the page now and you will see a “403 Forbidden” error. So that’s how you can prevent direct file access from URL using htaccess.
Check out our social networking site project developed in Laravel.