# Env Access Analyzer
Category | Severity | Time To Fix |
---|---|---|
🛡️ Security | ⚠️ Critical | 5 minutes |
Class: Enlightn\Enlightn\Analyzers\Security\EnvAccessAnalyzer
# Introduction
This analyzer makes a request to a /.env
route to confirm that your env file is not publicly accessible and your root project directory is configured properly on your web server.
If this is not the case, this is a serious security vulnerability as it exposes your .env
file to the outside world.
# How To Fix
To fix this issue, you must ensure that the public
directory in your Laravel application is the one that is setup as the root directory on the web server and not your project root directory.
Check out the references below for the documentation specific to your web server to learn more on how to configure the root directory.