Deny access to config files using .htaccess

Deny access to config files using .htaccess

On problem that can occur with using commercial scripts, especially scripts that uses an SQL database, is that hackers and nasties know what config files are and what SQL injection can be used. To access the database a common file is used to store the database login information. This normally is named config.php, vars.php, database.php or db.php and with common information it’s easy for the hacker to read it.

Although there are other methods of securing your scripts (other articles), this one deals with creating a simple .htaccess file to deny access to the config file:

First, locate your file that contains your database settings. In our example the file is config.php
Next open (or create an .htaccess file in the config files directory or your root www directory (public_html) for cpanel and add the following:

<files google_config.php>
order allow,deny
deny from all
</files>

This can be added for any other files such as includes or other config files, change the config.php to the file you want to prevent aces to).



Leave a Reply

© Copyright Sellopolis (Formerly Prozilla Turnkey Websites) 2002-2011. All rights reserved. | Original Theme by Elegant Themes. Modified by Sellopolis
Calgary Painters | Airdrie Painters | Calgary Corporate Catering