Prevent access to php.ini

Prevent access to php.ini

(Edit this article)

If you run the risk of someone accessing your php.ini or php.cgi files directly through their browsers, you can limit access to them using .htaccess.

To enable this, create a .htaccess file following the main instructions and guidance, and include the following text:

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

<- Preventing access to your PHP includes files

Forcing scripts to display as source code ->

Visitor Comments and Responses

Average Rating: 5.67 out of 10 (3 Votes)

Table of Contents

1.	What is .htaccess?

2.	How to use .htaccess

3.	Error documents

4.	Redirects

5.	Password protection

6.	Deny visitors by IP address

7.	Deny visitors by referrer

8.	Hot link prevention techniques

9.	Blocking offline browsers and 'bad bots'

10.	DirectoryIndex uses

11.	Adding MIME types

12.	Enable SSI with .htaccess

13.	Enable CGI outside of the cgi-bin

14.	Disable directory listings

15.	Setting server timezone

16.	Changing server signature

17.	Preventing access to your PHP includes files

18.	*Prevent access to php.ini*

19.	Forcing scripts to display as source code

20.	Ensuring media files are downloaded instead of played

21.	Setting up Associations for Encoded Files

22.	Preventing requests with invalid characters

23.	Useful Resources

Sponsors

Visitor Comments and Responses

Submit Comment/Rating