We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Keeping critical  PHP files from being downloaded

steva
steva asked
on
Medium Priority
281 Views
Last Modified: 2012-05-11
PHP files often have critical information.  A vendor's PayPal account information might be in a config.php file, for example.  How are these files protected from download by something like FlashGet?

Thanks
Comment
Watch Question

Commented:
What hosting platform?
Something like a config.php etc is usually in ./includes, so prohibit directory listing on those folders.
Aaron TomoskyDirector, SD-WAN Solutions
CERTIFIED EXPERT

Commented:
In apache use .htaccess to forbid access to your includes folder
Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
Trixor,

No it doesn't display anything if run directly.  So are you saying that Apache in general won't let you download a .php file?

Commented:
Steva,

That is correct.

Just be aware that if your Apache is NOT configured to process PHP, you can download a .php file. But since in most cases Apache is configured this way, you are correct.

Commented:
Author didn't specifically mention apache-- Example there is no .htaccess in iis. Disable directory browsing.

Author

Commented:
I'm running on a Linux/Apache system, so  there is a .htaccess file.  But the .htaccess in  the  directory containing config.php just has some kind of a RewriteRule with a regular expression.  (I have access to the remote directories.)  So it doesn't look like .htaccess is what's blocking download access to the file.  I think Trixor has it.  Apache won't download any php files, no matter where they are.  That's good to know.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.