In this tutorial, we will teach you how you can prevent file access from URL using htaccess. Laravel is one of the most secured PHP frameworks, only if it’s used correctly. It can also be a huge security leak if not utilized properly. One problem I saw with many websites is that they move to production without securing their .env file.
You can always download the latest version of laravel from Github.
This file holds your site’s sensitive information like database passwords, email credentials, API keys, etc. By default, this sensitive information can easily be viewed by accessing the following URL:
If you see the content of your .env file, it clearly means that your website is open to hackers. To prevent this, open your .htaccess file and add the following highlighted code:
<IfModule mod_rewrite.c> <FilesMatch .env|.env.example> order allow,deny deny from all </FilesMatch> ... </IfModule>
Now the .env file will be secured from the URL. You can refresh the page now and you will see a “403 Forbidden” error. So that’s how you can prevent direct file access from URL using htaccess.
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post