Reputation: 20049
Because we have some custom configuration in our php.ini file we apparently have to store it in the root dir of our site & hence any user would be able to see it.
How can I block people accessing it via their browser for example?
Upvotes: 5
Views: 3514
Reputation: 2204
I had the same issue on an OpenLiteSpeed server. The following code placed in .htaccess fixed it for me.
RewriteRule ^.*\.(ini)$ - [F,L]
Upvotes: 0
Reputation: 3807
Try to put this in your .htaccess:
<FilesMatch "php.ini">
    Order allow,deny
    Deny from all
</FilesMatch>
It denies access to anyone trying to reach php.ini.
Edit: Allow and Order are deprecated in Apache 2.4. You should use Require all denied instead.
<FilesMatch "php.ini">
    Require all denied
</FilesMatch>
Upvotes: 7
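To confirm that .htaccess rules like the ones in the answers above actually take effect on your own site, here is an added example (not part of any answer) that requests a few .ini paths and reports whether each one is refused. The path list and the function names are constructed for illustration; pass your own base URL as the first argument.

```shell
#!/bin/sh
# Added example: confirm over HTTP that .ini files under the web root are refused.

# Paths to request (constructed list; adjust to the files really in your web root).
# /PHP.INI is included because the patterns in the answers are case-sensitive.
PATHS="/php.ini /PHP.INI /.user.ini /php.ini.bak"

# classify STATUS -> prints "blocked", "exposed" or "inconclusive".
classify() {
    case "$1" in
        403|404|410) echo blocked ;;       # server refused or hid the file
        2[0-9][0-9]) echo exposed ;;       # a body was returned: the rule is not working
        *)           echo inconclusive ;;  # redirect, auth prompt, 5xx, or no connection (000)
    esac
}

# probe URL -> prints the HTTP status code curl saw (000 if the request failed).
probe() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1" || true
}

# check_site BASE_URL -> one result line per path; returns 1 if anything is exposed.
check_site() {
    base=${1%/}
    rc=0
    for p in $PATHS; do
        verdict=$(classify "$(probe "$base$p")")
        printf '%-12s %s%s\n' "$verdict" "$base" "$p"
        if [ "$verdict" = exposed ]; then
            rc=1
        fi
    done
    return $rc
}

# Run only when a base URL is given, e.g.: sh check_ini.sh https://example.com
if [ $# -gt 0 ]; then
    check_site "$1"
fi
```

A non-zero exit status means at least one path returned a 2xx response, so the script can be used as a deployment check after changing .htaccess.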
Reputation: 11809
One way to do it is inserting something like this at the start of php.ini file:
/***************DO NOT ALLOW DIRECT ACCESS************************************/
if ( (strpos( strtolower( $_SERVER[ 'SCRIPT_NAME' ] ), strtolower( basename( __FILE__ ) ) ) ) !== FALSE ) { // TRUE if the script's file name is found in the URL
    header( 'HTTP/1.0 403 Forbidden' );
    die( '<h2>Forbidden! Access to this page is forbidden.</h2>' );
}
/*****************************************************************************/
Upvotes: 1