Knowledgebase: Server side
Protecting PHP Configuration Files
Posted by Sinan Esen on 05 May 2015 03:32 PM

Our hosting services utilise a number of PHP "SafeMode" functions, including open_basedir() which restricts PHP from viewing any files below your /httpdocs folder, as such you cannot place any configuration files outside of your web-root folder.

 

For more information regarding PHP safe mode, please see:

 

To provide you with a degree of protection, you can do the following:

1. Log into your Control Panel

2. Select your hosting plan then click on the Files tab in the navigation bar

3. Create a file in your httpdocs called .htaccess and place the following information into this file

<Files "*\.inc\.php">
order allow,deny
deny from all
</Files>

 

NB: This denies Apache (Web Server) from viewing any file that ends with .inc.php, however PHP can still view the files.

4. You can now name your include file something like config.inc.php and the Apache web server will not be able to display the content.

NB: If the .htaccess file is accidently removed, the php extension will assist in not disclosing file content.

(0 vote(s))
Helpful
Not helpful