Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to prevent PHP files from being downloaded? And what are some ways someone can download them?

Tags:

security

php

.htaccess

How do i prevent php files from being downloaded "illegally" like through the browser. And what are some ways someone can use to download the php files?

like image 396
AAA Avatar asked Sep 13 '10 18:09

AAA

People also ask

Why are PHP files downloading?

This is normally due to an improper handler code. In the . htaccess file, you will want to ensure the handler code matches your version of php. If it does not, the php files may try to download instead of process.

Can PHP files be downloaded?

Generally, no PHP script is required to download a file with the extensions exe and zip. If the file location of this type of file is set in the href attribute of the anchor element, then the file automatically downloads when the user clicks on the download link.

How do I block direct access to a .PHP page?

The best way to prevent direct access to files is to place them outside of the web-server document root (usually, one level above). You can still include them, but there is no possibility of someone accessing them through an http request.

Are .PHP files safe?

PHP is as secure as any other major language. PHP is as secure as any major server-side language. With the new PHP frameworks and tools introduced over the last few years, it is now easier than ever to manage top-notch security.

1 Answers

You can't really avoid files from being downloaded if your application is not secure. The following example allows a malicious user to view any file on your server:

<?php
readfile($_GET['file']);
?>

If you want to prevent Apache from exposing the source code if something is wrong with PHP, add this in your httpd.conf / .htaccess:

# In case there is no PHP, deny access to php files (for safety)
<IfModule !php5_module>
    <FilesMatch "\.(php|phtml)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
# the following should be added if you want to parse .php and .phtml file as PHP
# .phps will add syntax highlighting to the file when requesting it with a browser
<IfModule php5_module>
    AddType text/html .php .phtml .phps
    AddHandler application/x-httpd-php .php .phtml
    AddHandler application/x-httpd-php-source .phps
</IfModule>
like image 187
Lekensteyn Avatar answered Nov 11 '22 22:11

Lekensteyn
Sign in to Comment

Related questions

Doctrine2 ORM doesn't refresh objects that are altered outside of a script
Explode to array and print each element as list item
php RecursiveDirectoryIterator: how to exclude directory paths with a dot and double dots?
How to get product attribute value in magento
Docker gd module for PHP 7
Run composer dump-autoload from controller in laravel 5
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains
* failed to open vchiq instance
Changing Laravel 5.4 password encryption and table column names
How to check if a variable has data in laravel blade
Getting 500 server error with Laravel 5.7 on Windows [closed]
Class 'Form' not found in Laravel 7
What's needed for PHP's mcrypt_decrypt()?
How to create an array from output of var_dump in PHP?
Should I use Perl or PHP or something else for this project?
Variable Operators in PHP
What's the best method to protect login cookie data in PHP?
How to check whether every character is alpha-numeric in PHP?
In PHP how do i write: IS NOT SMALLER THAN
Finding similar number patterns in table

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!