6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Block access to php.ini file\",\"text\":\"

We have a custom php.ini and .htaccess file in the root of the web tree.

\\n\\n

The .htaccess cannot be accessed by default but the php.ini can be accessed.

\\n\\n

For example:

\\n\\n

http://example.com/php.ini\\n

\\n\\n

Whats the recommenced procedure to block access to the php.ini file?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"zaf\"},\"upvoteCount\":3,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Also if you must have it in the public folder try:

\\n\\n

<Files php.ini>\\n  order allow,deny\\n  deny from all\\n</Files>\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Matt\"},\"upvoteCount\":15}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","apache",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/apache/1","children":"apache"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/ca7f8c3ab0937427e864fb0e84cc1891?s=256&d=identicon&r=PG","alt":"zaf","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/300204/zaf","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"zaf"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",23244]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Block access to php.ini file"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

We have a custom php.ini and .htaccess file in the root of the web tree.

\n\n

The .htaccess cannot be accessed by default but the php.ini can be accessed.

\n\n

For example:

\n\n

http://example.com/php.ini\n

\n\n

Whats the recommenced procedure to block access to the php.ini file?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",3]}],["$","p",null,{"children":["Views: ",3352]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","8225821",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/KPe5g.jpg?s=256","alt":"Peter Stuart","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1030100/peter-stuart","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Peter Stuart"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",2434]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Change the CHMOD or permissions so it is not executable by the user.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",-2]}]}]]}],["$","div","8225802",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/75993be9b3f0a771eedb68e59d89be45?s=256&d=identicon&r=PG","alt":"Matt","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/447191/matt","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Matt"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7249]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Also if you must have it in the public folder try:

\n\n

<Files php.ini>\n  order allow,deny\n  deny from all\n</Files>\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",15]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","15160376",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15160376","className":"text-blue-600 hover:underline","children":"Denying user access to php.ini file with .htaccess"}]}],["$","li","6772011",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6772011","className":"text-blue-600 hover:underline","children":"How to hinder PHP files to Global Access"}]}],["$","li","66676615",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66676615","className":"text-blue-600 hover:underline","children":"How to prevent access PHP out of its directory in any way?"}]}],["$","li","37196251",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37196251","className":"text-blue-600 hover:underline","children":"How to restrict viewing of php.ini from all subdirectories?"}]}],["$","li","29670935",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29670935","className":"text-blue-600 hover:underline","children":"Security and .ini file"}]}],["$","li","28166732",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28166732","className":"text-blue-600 hover:underline","children":"Restricting direct access to php file"}]}],["$","li","216019",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/216019","className":"text-blue-600 hover:underline","children":"Is it safe to deny access to .ini file in .htaccess?"}]}],["$","li","9834912",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/9834912","className":"text-blue-600 hover:underline","children":"block php file access (using mod_sec)"}]}],["$","li","6930664",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6930664","className":"text-blue-600 hover:underline","children":"Preventing direct access to php files"}]}],["$","li","4680359",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4680359","className":"text-blue-600 hover:underline","children":"How do I stop my apache2 server from serving missile_launch_codes.ini?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Block access to php.ini file

Answers (2)

Related Questions