Mengamankan file .env dengan .htaccess

Photo by Michael Chacon on Unsplash

Mengamankan file .env agar tidak bisa diakses dengan membuka lokasi langsung seperti www.domain.com/.env

File .env

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>
    
    # Disable index view
 Options -Indexes
    
    <FilesMatch ".env">
        Order allow,deny
        Deny from all
    </FilesMatch>
    
    <FilesMatch ^((composer|package)\.json$|artisan|server\.php$|composer\.lock$|phpunit.xml$|webpack.mix.js)$>
        Deny from all
    </FilesMatch>

    RewriteEngine On
    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteRule ^(barcode|css|js|images|dist|plugins)/(.*)$ public/$1/$2 [L,NC]
    RewriteRule ^(\.env|\.env.example|\.gitignore|\.editorconfig|\.gitattributes)$ - [R=404,NC,L]
    
</IfModule>