Reputation: 737
CodeIgniter 4: How to protect .env from public view?
I have configured the database credentials in the .env file. But I can access the file .env file from the browser and it displays all the variables in the .env file.
How do I make it secure so it is not publicly readable?
My folder structure is like this:
public_html/project/
.env
app
public
system
writable
The application is accessed from domain.com/project/public.
Upvotes: 0
Views: 1681
Answers (2)
Reputation: 3
Try to prevent it from .htaccess
<Files .env>
Order allow,deny
Deny from all
</Files>
Upvotes: 0
Reputation: 1746
In fact you're not installing the project correctly on your server
The public_html folder should contain files that are intended to be accessible by the browser
In the case of CodeIgniter 4, the contents of the public_html folder are the contents of public folder, you usually put the front controller index.php and your assets folder inside public_html
The rest of folders and files goes next to public_html, so your folder structure needs to look like this:
|__.env
|__app
|__public_html
|____index.php
|____assets
|__system
|__writable
Upvotes: 2
Related Questions
- Prevent access to .env file in Apache server?
- How to protect .env file in Laravel
- Custom .env variable on Codeigniter 4
- How to protect files in public folder in codeIgniter?
- Prevent public access to env file
- How to protect codeigniter application source file
- How to secure .env file in laravel 5.4?
- Prevent direct access to php config and classes similar to codeigniter
- Protect Codeigniter application during development
- Restricting direct access to your view-files in CodeIgniter?