PHP script protection

I had a terrifying issue a few days ago. I was installing updates on my ubuntu server, which is a hosts for about 10 websites. During the update, something went wrong, and apaches mod_php became disabled. As a result, PHP support was gone, and for a few minutes (until I figured what's wrong) users got an invitation to download PHP scripts, instead of seeing a website. Needless to say, there is nothing worse then exposing your script sources to the whole world, especially when database credentials are kept inside.

The question: How can I configure apache, so this situation would not be possible in the future? What lines should I add to apache2.conf, so that PHP files could not be downloaded, if mod_php is disabled?

Answers


Just add the following to the .htaccess in the root directory

php_admin_flag engine on

In this case user will get HTTP 500 error trying to read any file from this dir and below because no module defines php_admin_flag directive in case mod_php is off.


Need Your Help

python nose xunit report file is empty

python jenkins nose xunit

I have a problem running nose tests and get results inside Jenkins.

Need help designing ERD for food bank

mysql sql erd

This is my first project outside of school so I'm rusty and lacking practice.