Maarten V.
As more and more web apps based on Laravel use an .env file to store configuration options and passwords, could you please add a WAF rule to protect those files?
Google "laracast protect .env file from public" for more info on this issue.
Activity
Mark Bacsko
Status changed to: Released
Mark Bacsko
Good news! I'm happy to report that we already have a WAF rule blocking .env files, namely rule no. 930130.
It should be enabled by default in your BitNinja recommended ruleset.
Thank you for your suggestion, Maarten!
Maarten V.
Is the .env file check added to rule 930130, or did it already exist in rule 930130?
Mark Bacsko
It already did exist in the aforementioned rule! :)
Mark Bacsko
Hey there Maarten!
I've forwarded this ticket to our threat management team, and they will soon start working on it. I'll let you know if we have an update.
Stay Ninjastic!
Mark Bacsko
Status changed to: Planned
Mark Bacsko
Status changed to: Waiting