RE: [PHP] how do i hide my .inc files in apache??
My vote is still just for include files to have a standard (already accepted) extension. I think you may be missing the point on this one. The question wasn't what to name included files but how to stop apache parsing or showing the contents of the include files. The obvious solution of course is to have the included files outside the web tree. M@ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] how do i hide my .inc files in apache??
if they are called the same then you can add them ... how? good question ... how is .htaccess added.. the same way. there, in httpd.conf you can select which files not to show wit h, i think regular expression.. if you don't have the access to httpd.conf, or simply do not wish to use it, then just put a dot (.) infront the files you wich to hide, they won't be then shown.. (if apache is configured that way, it is usually the default installation) but, the best way, as you sayd is to have the whole library outside (better parralel) directory of your www root. or password protect a folder with them all with .htaccess or use .htaccess to not to show them anymore... Cheers, Maxim Maletsky -Original Message- From: Matt Williams [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 18, 2001 5:48 PM To: Php-General@Lists. Php. Net Subject: RE: [PHP] how do i hide my .inc files in apache?? My vote is still just for include files to have a standard (already accepted) extension. I think you may be missing the point on this one. The question wasn't what to name included files but how to stop apache parsing or showing the contents of the include files. The obvious solution of course is to have the included files outside the web tree. M@ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] how do i hide my .inc files in apache??
Combine these options: http://httpd.apache.org/docs/mod/mod_access.html#allow http://httpd.apache.org/docs/mod/core.html#files to exclude access to anything matching *.inc. The safest/easiest thing is to move the files outside of the document path and add that directory to your php include path. That way you're not relying on a special apache configuration if you were to move to a new server, etc...your files could become inadvertently unprotected. - Tim http://www.phptemplates.org can anyone tell me how i get apache to never send out the contents of my include files (*.inc) to users? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] how do i hide my .inc files in apache??
don't name them .inc files. Name them blahblah.inc.php or something that will be parsed, and therefore not just gurped up by the server. blest, jeremy -- Jeremy Kelley [EMAIL PROTECTED] pgp keyid 0xAECBA355 Phil 1:21 www.ganooz.com Car pour moi, la vie c'est le Christ, et la mort est un gain. -Original Message- From: Jamie Burns [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 17, 2001 13:48 To: [EMAIL PROTECTED] Subject: [PHP] how do i hide my .inc files in apache?? hi.. can anyone tell me how i get apache to never send out the contents of my include files (*.inc) to users? i dont want my source sode to be visible to browsers. thanks, jamie. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] how do i hide my .inc files in apache??
move them out of your apache docroot. /usr/local/apache/htdocs/blah.php includes /usr/local/apache/include/hoo.inc _a -- Alex Black, Head Monkey [EMAIL PROTECTED] The Turing Studio, Inc. http://www.turingstudio.com vox+510.666.0074 fax+510.666.0093 Saul Zaentz Film Center 2600 Tenth St Suite 433 Berkeley, CA 94710-2522 From: [EMAIL PROTECTED] ("Matt Williams") Newsgroups: php.general Date: 17 Jan 2001 05:58:59 -0800 Subject: RE: [PHP] how do i hide my .inc files in apache?? Files *.inc Order allow,deny Deny from all /Files in either your httpd.conf or a .htaccess file will deny users access to your *.inc files M@ -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED]] Sent: 17 January 2001 13:01 To: 'Jamie Burns' Cc: '[EMAIL PROTECTED]' Subject: RE: [PHP] how do i hide my .inc files in apache?? I take it you're talking about normal html .inc files, and not the PHP include() function? If so, this is well off-list, try the comp.infosystems.www.servers heirarchy for this sort of thing. But... You can't, AFAIK. The whole *point* of an include file is that the entire contents of that file are included in whatever document you call it from. You use them for holding repetitive information that you don't want to type out for every page, such as a footer, eg: pThis page is copyright blah blah blah/p pa href="mailto:[EMAIL PROTECTED]"E-mail the webmaster/a/p would be a candidate for a .inc file. If I have completely missed the point, please forgive me. Cheers Jon -Original Message- From: Jamie Burns [mailto:[EMAIL PROTECTED]] Sent: 17 January 2001 12:48 To: [EMAIL PROTECTED] Subject: [PHP] how do i hide my .inc files in apache?? hi.. can anyone tell me how i get apache to never send out the contents of my include files (*.inc) to users? i dont want my source sode to be visible to browsers. thanks, jamie. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] how do i hide my .inc files in apache??
I could be mistaken here, but last I checked you could include files outside of the document root. Can't get much more secure then that and you don't have to mess with the Apache rewrite engine, which is known for slowing things down. --Jon At 02:02 PM 1/17/01 +, Matt Williams wrote: Files *.inc Order allow,deny Deny from all /Files in either your httpd.conf or a .htaccess file will deny users access to your *.inc files M@ -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED]] Sent: 17 January 2001 13:01 To: 'Jamie Burns' Cc: '[EMAIL PROTECTED]' Subject: RE: [PHP] how do i hide my .inc files in apache?? I take it you're talking about normal html .inc files, and not the PHP include() function? If so, this is well off-list, try the comp.infosystems.www.servers heirarchy for this sort of thing. But... You can't, AFAIK. The whole *point* of an include file is that the entire contents of that file are included in whatever document you call it from. You use them for holding repetitive information that you don't want to type out for every page, such as a footer, eg: pThis page is copyright blah blah blah/p pa href="mailto:[EMAIL PROTECTED]"E-mail the webmaster/a/p would be a candidate for a .inc file. If I have completely missed the point, please forgive me. Cheers Jon -Original Message- From: Jamie Burns [mailto:[EMAIL PROTECTED]] Sent: 17 January 2001 12:48 To: [EMAIL PROTECTED] Subject: [PHP] how do i hide my .inc files in apache?? hi.. can anyone tell me how i get apache to never send out the contents of my include files (*.inc) to users? i dont want my source sode to be visible to browsers. thanks, jamie. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]