Jump to content

Prevent include files with .inc from being downloaded


orison316

Recommended Posts

<Files ~ \"^.inc\">

Order allow,deny

Deny from all

Satisfy All

</Files>

 

i am trying to prevent them from being download because they contain database info. i know you can switch it to .php but i have a lot sites with the .inc file Is there some way to have apache prevent them from being seen but still being used.

Link to comment
Share on other sites

what is the os u use?

 

the os is linux red hat 7.2 hope that helps but just to explain more. i have been using

 

include(database.inc);

at the top of most of my php pages. What i did not realize being i have been doing this for about a year is that if you use the url

http://mydomain.com/database.inc then you can download the code to your computer then open with an editor and view my username and password for the database but happens to used besides the database. is there any way to prevent download of this file without having to change a huge amount of php scripts.

Link to comment
Share on other sites

  • 3 months later...

Greetings,

The AddType directive will cure your problem.

Note in the list below the part that includes the .inc

at the end. That\'s the line you need to prevent ppl

from having your source dumped to their browser when

calling your .inc files in their location box on their

browsers.

Just add the line next to your other PHP directives

in the global section of your httpd.conf file.

 


   AddType application/x-httpd-php .php

   AddType application/x-httpd-php .php4

   AddType application/x-httpd-php-source .phps

   AddType application/x-httpd-php .phtml

   AddType application/x-httpd-php .inc

 

Best wishes,

Chris

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.