How to not allow users(or hackers) to download a file directly from web server?

Question

If someone knew the link of one of my page or simply they made an assumption like http://ww.yourweb.com/index.php, this is a general assumption and if you put this link on DAP or other donwload manager, it will download file, with source code inside.

I want to stop other from stealing my code on this manner, is there a way for this?

Answer 1

Your server is misconfigured, if running on Apache try adding the follwoing line in the .htaccess file of your root (or public_html) folder and see if you server starts parsing php file properly instead of returning source code.

AddHandler application/x-httpd-php .php

Answer 2

Well, I haven't heard of any case of a proper php file being downloaded (i.e. its source code instead of the parsed output).

However, if you want nobody to be able to download some file(s), you should look into mod_rewrite, as it is quite flexible. For example, if you use SMARTY and you don't want your templates to be downloaded (as they give some insight into the structure of your web page/cms/shop/whatever - i.e. make it slightly easier to hack), you can start off with the following rule:

RewriteCond %{REQUEST_URI} \.(tpl|tpl.php)$ 
RewriteRule .* - [F]

Of course that's not enough, but that's a point to start from.

Hope that helps ;)

Answer 3

When a HTTP GET request is made on a php resource, the php script is executed by the interpreter on the server, and the resulting html is what is served to the client - not the .php file.

Answer 4

Your worry is unfounded. If correctly configured, the server will always serve the parsed file, never the unparsed PHP source file, no matter whether it's a browser that requests the file or some download manager.