[RESOLVED] htaccess question

EPJS

I just realized people can put "php.ini" in their browser and read my file. So I denied access in .htaccess

<Files php.ini>
order allow,deny
deny from all
</Files>

But what I'd like is for them to not even know I have one. So rather than getting the 403 error, I'd like people to get a 404 error.

Is this possible?

NogDog

My recommendation would be for you to put the file in a directory outside of the web document root directory, thus obviating the problem entirely. But, if that's not possible, you could just redirect it to your 404 page, or a bogus filename that will throw a 404 error:

Redirect /php.ini http://www.yoursite.com/404.html

stolzyboy

is this on a personal server you setup or a hosting company... i shutter to think it's an actual host...

EPJS

NogDog wrote:
My recommendation would be for you to put the file in a directory outside of the web document root directory, thus obviating the problem entirely. But, if that's not possible, you could just redirect it to your 404 page, or a bogus filename that will throw a 404 error:
Redirect /php.ini http://www.yoursite.com/404.html

Thanks, I did just that 🙂 (with the 404) I can't do the outside of root for the reason I'll give below.

My host allows custom php.ini files, and they told me that the file has to be places in every directory I want to use it on. so if site.com/abc and site.com/xyz both want to use php.ini then I have to place a copy of the file in both the "abc" and "xyz" directories.

stolzyboy wrote:
is this on a personal server you setup or a hosting company... i shutter to think it's an actual host...

It's a hosted site, but most hosts I've used in the past don't even allow a custom php.ini file, at least this one does.