Welcome to WebmasterWorld Guest from 54.146.194.42

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

How to block the visitor from downloading my php files

     
5:05 pm on May 30, 2008 (gmt 0)

New User

5+ Year Member

joined:May 22, 2008
posts:5
votes: 0


I have put all my php files in a directory. But If the vistor get the name of the php files, they can download all of them. I want to block the visitor from downloading all the php files. What should I do to make it?

Thanks in advance!

7:52 pm on May 30, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


In the php-files directory, add this to your .htaccess file, or create an new .htaccess file in that directory with the following lines:

Order Allow,Deny
Deny from all

This directory will then become inaccessible via HTTP. You will still be able to invoke scripts by "including" them on your pages, but no direct HTTP requests will be allowed.

Jim

12:28 pm on May 31, 2008 (gmt 0)

New User

5+ Year Member

joined:May 22, 2008
posts:5
votes: 0


thanks. very helpful
10:09 pm on May 31, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 30, 2003
posts: 932
votes: 0


What do you mean by 'downloading the files'? Surely they can't download the actual php scripts? They can only download what the scripts generate on the server.

[edited by: Patrick_Taylor at 10:15 pm (utc) on May 31, 2008]

10:45 pm on May 31, 2008 (gmt 0)

Junior Member

5+ Year Member

joined:Apr 19, 2008
posts:52
votes: 0


I have a similar concern.

I have all my .html, .pl, and data files in the domain directory and its sub-directories. Anyone can find out the filenames and sub-directories pathnames of all these by viewing the source of the browser display.

Can people view or copy my data files and script files?

1:41 am on June 1, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Worse than that, they may be able to "run" small parts of your scripts and inject malicious values into some of your variables.

Protect the folder form access and from indexing.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members