Prevent include files with .inc from being downloaded

[orison316]

<Files ~ \"^.inc\">

Order allow,deny

Deny from all

Satisfy All

</Files>

 

i am trying to prevent them from being download because they contain database info. i know you can switch it to .php but i have a lot sites with the .inc file Is there some way to have apache prevent them from being seen but still being used.

[shivabharat]

what is the os u use?

 

U can surely restrict what u said in the os level itself!!

[orison316]

what is the os u use?

 

the os is linux red hat 7.2 hope that helps but just to explain more. i have been using

 

include(database.inc);

at the top of most of my php pages. What i did not realize being i have been doing this for about a year is that if you use the url

http://mydomain.com/database.inc then you can download the code to your computer then open with an editor and view my username and password for the database but happens to used besides the database. is there any way to prevent download of this file without having to change a huge amount of php scripts.

[someone]

Greetings,

The AddType directive will cure your problem.

Note in the list below the part that includes the .inc

at the end. That\'s the line you need to prevent ppl

from having your source dumped to their browser when

calling your .inc files in their location box on their

browsers.

Just add the line next to your other PHP directives

in the global section of your httpd.conf file.

 

   AddType application/x-httpd-php .php

   AddType application/x-httpd-php .php4

   AddType application/x-httpd-php-source .phps

   AddType application/x-httpd-php .phtml

   AddType application/x-httpd-php .inc

 

Best wishes,

Chris