homepage Welcome to WebmasterWorld Guest from 54.237.78.165
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
How to block the visitor from downloading my php files
Jason200784

5+ Year Member



 
Msg#: 3663003 posted 5:05 pm on May 30, 2008 (gmt 0)

I have put all my php files in a directory. But If the vistor get the name of the php files, they can download all of them. I want to block the visitor from downloading all the php files. What should I do to make it?

Thanks in advance!

 

jdMorgan

WebmasterWorld Senior Member jdmorgan us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3663003 posted 7:52 pm on May 30, 2008 (gmt 0)

In the php-files directory, add this to your .htaccess file, or create an new .htaccess file in that directory with the following lines:

Order Allow,Deny
Deny from all

This directory will then become inaccessible via HTTP. You will still be able to invoke scripts by "including" them on your pages, but no direct HTTP requests will be allowed.

Jim

Jason200784

5+ Year Member



 
Msg#: 3663003 posted 12:28 pm on May 31, 2008 (gmt 0)

thanks. very helpful

Patrick Taylor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3663003 posted 10:09 pm on May 31, 2008 (gmt 0)

What do you mean by 'downloading the files'? Surely they can't download the actual php scripts? They can only download what the scripts generate on the server.

[edited by: Patrick_Taylor at 10:15 pm (utc) on May 31, 2008]

jscjso

5+ Year Member



 
Msg#: 3663003 posted 10:45 pm on May 31, 2008 (gmt 0)

I have a similar concern.

I have all my .html, .pl, and data files in the domain directory and its sub-directories. Anyone can find out the filenames and sub-directories pathnames of all these by viewing the source of the browser display.

Can people view or copy my data files and script files?

g1smd

WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3663003 posted 1:41 am on Jun 1, 2008 (gmt 0)

Worse than that, they may be able to "run" small parts of your scripts and inject malicious values into some of your variables.

Protect the folder form access and from indexing.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved