PHP, MySQL, Drupal, .htaccess, Robots.txt, Phponwebsites

24 Nov 2013

How to prevent access to php.ini file using .htaccess

                     Php.ini file is the configuration file. Any changes in php.ini file can affect the functionalities of php. It is read each time the php is initialized. By default, php.ini file is located in /user/local/lib directory on your server.  Max_execution_time, shot_open_tag, memory_limit, allow_url_fopen, PHP_INI_SYSTEM, PHP_INI_ALL, PHP_INI_PERDIR are some of the modes present in a php.ini configuration file. It can be easily access by others . We can restrict this by .htaccess.
Example:
        <FilesMatch "\.(js | jpeg | jpg)$">
             Order allow, deny
             Deny from All
             Allow from env=REDIRECT_STATUS
        </FilesMatch>

               Where,
                            You can add any file type by type extension without '.' and each one is separate by '|' .
               OR

       <Files php.ini>
          Order allow, deny
          Deny from all
       </Files>
                      Now your php.ini file is invisible to viewers.


Related Post: