Home/ Questions/Q 8896059
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T23:56:48+00:00

My university has multiple servers which have the same data mirrored across them, so

  • 0

My university has multiple servers which have the same data mirrored across them, so I can access for instance

foo.uni.edu/file.php
bar.uni.edu/file.php

The thing is, not all servers have PHP installed, so anyone could possibly download my php files if they made the connection through a server which didn’t have PHP installed.
Is there a way, possibly with .htaccess to avoid this? As in, only allow opening PHP files if PHP server is installed?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If it’s possible to store files outside of the document root, you could work around the problem by storing all sensitive data outside the docroot. You would then have your publicly accessible scripts use include to access those files.

    So, if you upload to /username/public_html, and public_html is your document root (eg, foo.uni.edu/file.php is /username/public_html/file.php), then you would upload to /username/file.php instead and place another script in /username/public_html which merely contains something like include('../file.php');

    This is good practice in any case, in case a configuration error on the server ever stops PHP from being parsed.

    You could also try using IfModule and FilesMatch to deny access to PHP files if mod_php isn’t enabled:

    <IfModule !mod_php.c>
    <FilesMatch "\.php$">
        Order Deny,Allow
        Deny from All
    </FilesMatch>
</IfModule>

    If this doesn’t work, try !mod_php5.c instead.

    • 0