In Laravel 8 the .env file is well protected out of the public folder. Additionally, I've added a rule in nginx to protect hidden files
location ~ /\. {
deny all;
}
However, I've seen several requests to the server looking for the .env file in the public folder, even though is not there.
In a normal PHP app I would create a .ini config file with a secret name out of the public folder. Is there a way to rename the .env file to something else?
I know that renaming the .env will not solve the problem of the requests, but at least I'll rest assure that the file they are looking for, does not even exist.
.env file name is define in Illuminate\Foundation\Application.
modify bootstrap/app.php file to change default file name.
replace
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
with
$app = new Illuminate\Foundation\Application(
$_ENV['APP_BASE_PATH'] ?? dirname(__DIR__)
);
$app->loadEnvironmentFrom('.NEW_ENV_FILE_NAME');
change NEW_ENV_FILE_NAME to whatever filename you want