Geek Answers Handbook

How to protect php file with .htaccess from downloading using php5

Last night I made some admin changes to my web server. I am using php. After the upgrade, the php processor failed, and if someone went to my home page, the php page would just load and show the code and password for each visitor. So I was wondering if there is a way to prevent any download of php files using .htaccess - but still allow normal file browsing.

0
php .htaccess
source share
3 answers

A good template to keep in mind during development is to use a minimal initialization file that invokes the actual application that is outside of webroot. Thus, in this case, only the minimum stub is revealed without critical information.

A simplified example:

/ /app critical_code.php /webroot .htaccess <- rewrites all requests to index.php index.php <- invokes ../app/critical_code.php (or other files as requested)
+5
source share

The problem is that either .htaccess serves your files to the user or not. You cannot deny him access to .php files because under normal use access will also be denied. There is no fallback behavior for a PHP processor that simply does not work correctly.

It may be worth temporarily moving the root of the website to point to the site β€œunder maintenance” when doing such large things as to minimize risk.

+3
source share

Assuming you are using Apache, your .htaccess file will look something like this.

 <FilesMatch ".*\.php"> Order allow,deny Deny from all Satisfy All </FilesMatch> <IfModule php5_module> <FilesMatch ".*\.php"> Allow from all Satisfy All </FilesMatch> </IfModule>

The first rule denies access to all .php files. By default, the user will see error 403 (Forbidden).

If the PHP5 module loads successfully, the second rule will affect what grants access.

+1
source share

More articles:


All Articles