Jump to content


Photo

Prevent include files with .inc from being downloaded


  • Please log in to reply
3 replies to this topic

#1 orison316

orison316
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 22 May 2003 - 01:42 AM

<Files ~ \"^.inc\">
Order allow,deny
Deny from all
Satisfy All
</Files>

i am trying to prevent them from being download because they contain database info. i know you can switch it to .php but i have a lot sites with the .inc file Is there some way to have apache prevent them from being seen but still being used.

#2 shivabharat

shivabharat
  • Members
  • PipPipPip
  • Advanced Member
  • 371 posts
  • LocationChennai, India

Posted 22 May 2003 - 06:42 PM

what is the os u use?

U can surely restrict what u said in the os level itself!!
Knowledge --- Reading Enriches Mind But Sharing Enhances It.[br][br]Note: Before you request help enusre that you have had a look at the tutorials @phpfreaks

#3 orison316

orison316
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 22 May 2003 - 06:53 PM

what is the os u use?

the os is linux red hat 7.2 hope that helps but just to explain more. i have been using

include(database.inc);
at the top of most of my php pages. What i did not realize being i have been doing this for about a year is that if you use the url
http://mydomain.com/database.inc then you can download the code to your computer then open with an editor and view my username and password for the database but happens to used besides the database. is there any way to prevent download of this file without having to change a huge amount of php scripts.

#4 someone

someone
  • New Members
  • Pip
  • Newbie
  • 4 posts

Posted 16 September 2003 - 07:55 AM

Greetings,
The AddType directive will cure your problem.
Note in the list below the part that includes the .inc
at the end. That\'s the line you need to prevent ppl
from having your source dumped to their browser when
calling your .inc files in their location box on their
browsers.
Just add the line next to your other PHP directives
in the global section of your httpd.conf file.

   AddType application/x-httpd-php .php    AddType application/x-httpd-php .php4    AddType application/x-httpd-php-source .phps    AddType application/x-httpd-php .phtml    AddType application/x-httpd-php .inc

Best wishes,
Chris




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users