Ban IPs with Ubuntu/Apache that ask for a certain path

I see tons of requests in my Telescope (Laravel) trying to get the ".env" file.

I want to block any IP that asks for this resource. For example, I want to block any IP that asks for http://example.com/.env or http://example.com/../.env or whatever; if the URL contains ".env", to sum up, I want to block it immediately.

I was checking firewalld and iptables but I don't know how to put it in order. Could someone explain step by step how to do it in Ubuntu 20 + Apache?

I'd appreciate it a lot, guys! Thanks

There is 1 best solution below

I think what you're trying to do is not possible with firewalld or iptables. I'm not an expert on those technologies, but I'm pretty sure they don't operate at the OSI layer where there is enough information to block an HTML URI, at least not practically.

What you're probably after is a web application firewall (WAF). A quick search for Laravel WAFs shows this project: https://github.com/akaunting/laravel-firewall at the top of the results, which might help.

I would recommend, though, that you try to separate concerns so that your server is agnostic to network-level concerns.

I would recommend you use something like Cloudflare to do this; then you can just create page rules to restrict access to certain URLs or subdomains.
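
As an added example (not part of the original question or answer): a Python script that scans Apache access-log lines for requests whose path contains ".env", including percent-encoded variants, and renders the matching client addresses as Apache 2.4 `Require not ip` rules. It assumes the common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log line: client ident user [time] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" (?P<status>\d{3})')

def requests_dotenv(request_line):
    """True if the request target mentions ".env" after percent-decoding."""
    parts = request_line.split()
    if len(parts) < 2:
        return False  # malformed or empty request line, e.g. "-"
    target = parts[1]
    # Decode twice so %2eenv and double-encoded %252eenv are both caught.
    for _ in range(2):
        target = unquote(target)
    return ".env" in target.lower()

def offending_ips(log_lines):
    """Return the sorted, de-duplicated client addresses that asked for .env."""
    ips = set()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and requests_dotenv(m.group("request")):
            ips.add(m.group("ip"))
    return sorted(ips)

def apache_deny_block(ips):
    """Render an Apache 2.4 authorization block (for a <Directory> or
    <Location> section) that refuses the given addresses."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules.append("</RequireAll>")
    return "\n".join(rules)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '198.51.100.23 - - [10/Mar/2023:10:00:02 +0000] "GET /api/%2Eenv HTTP/1.1" 404 196 "-" "-"',
    '192.0.2.10 - - [10/Mar/2023:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2023:10:00:04 +0000] "GET /../.env.bak HTTP/1.1" 400 226 "-" "-"',
    '192.0.2.10 - - [10/Mar/2023:10:00:05 +0000] "GET /docs/environment HTTP/1.1" 200 812 "-" "-"',
    '2001:db8::5 - - [10/Mar/2023:10:00:06 +0000] "-" 408 0 "-" "-"',
]

if __name__ == "__main__":
    print(apache_deny_block(offending_ips(SAMPLE_LOG)))
```

The match is a plain substring test on ".env", so a path such as /docs/environment is not flagged, while /.env.bak is.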