My university has multiple servers which have the same data mirrored across them, so I can access for instance
The thing is, not all servers have PHP installed, so anyone could possibly download my php files if they made the connection through a server which didn’t have PHP installed.
Is there a way, possibly with .htaccess to avoid this? As in, only allow opening PHP files if PHP server is installed?
If it’s possible to store files outside of the document root, you could work around the problem by storing all sensitive data outside the docroot. You would then have your publicly accessible scripts use
include to access those files.
So, if you upload to
public_html is your document root (eg,
/username/public_html/file.php), then you would upload to
/username/file.php instead and place another script in
/username/public_html which merely contains something like
This is good practice in any case, in case a configuration error on the server ever stops PHP from being parsed.
<IfModule !mod_php.c> <FilesMatch "\.php$"> Order Deny,Allow Deny from All </FilesMatch> </IfModule>
If this doesn’t work, try