Ways to prevent Apache from serving a folder?

[JudgementDay]

What are some ways to prevent Apache from serving a folder in the root directory?

 

I have raw data in there containing PHP with passwords for my SQL database, and I don't want it being served up.

 

I'm thinking just .htaccess with a password.

 

Is it possible to do within my servers configuration file?

 

I want to hear what other people would do.

[PFMaBiSmAd]

Since php is a server side language, no one can get your database username/password that is contained within php code by browsing to the file, unless you are echoing those values. It would require someone to have direct access to the php source code, but if they already have that level of access to the files on your server, nothing you can do would prevent them from learning the username/password.

 

You can prevent the wasting of server resources, should someone start requesting the file, by putting the file into a folder that does not permit any http requests. You can either put the folder outside your document root folder (closer to the disk root) or put a .htaccess file in the folder that prevents all http requests.

 

 

[JudgementDay]

... so do you know any ways apart from the one I suggested?

[maneetpuri]

You can do it after disabling directory listing in server's configuration file.

 

Cheers!!

[ttocskcaj]

Off the top of my memory...

Order Deny, Allow
Deny from All

Something along those lines, in a .htaccess file. Or a <directory> section in your httpd.conf

 

It's not safe to rely on PHP not printing out the passwords. If something goes wrong, your source code (and passwords) will be out there for the world to see.