Include File Dilemma

I have the following problem. My Apache server is configured to not give directory listings. So in each site the default Index.php is searched for. However, I use extra include files in the main web root with the name of
extralibrary.inc
The problem arises that when I type in
http://www.domain.com/extralibrary.inc
the apache2 web server sends the user the contents of that file, which causes a serious security breach. How do I stop this?


Zapperon
ewu@webmail.co.za

Comments

  • : I have the following problem. My Apache server is configured to not give directory listings. So in each site the default Index.php is searched for. However, I use extra include files in the main web root with the name of
    : extralibrary.inc
    : The problem arises that when I type in
    : http://www.domain.com/extralibrary.inc
    : the apache2 web server sends the user the contents of that file, which causes a serious security breach. How do I stop this?
    :
    :
    : Zapperon
    : ewu@webmail.co.za
    :

    If these *.inc files are PHP files, simply rename them to *.inc.php; then they will be processed by the PHP interpreter before the results are sent to the user, and since they are only libs, nothing will be output and no results will be shown.

    Another alternative is to store the *.inc's outside the server directory, somewhere else on the computer where the user does not have access, e.g. ../../../incs/your incs stored here. You simply use the ../../ pathname in your scripts, but using that in a browser will be futile, since it will simply resolve to the root directory.

    This should keep your inc's secure.

    ITA
    "Let us smite the evil slime eating hordes who may befall us on our quest to be the ultimate programmers of the known universe!"
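
A check for the exposure discussed in this thread, as an added example that is not part of the original posts: it walks a web root and lists files that contain PHP code but whose final extension is not handled by PHP, so the server would return their source. The handled-extension set, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: only these final extensions are mapped to the PHP handler;
# check your own Apache/PHP configuration and adjust.
PHP_HANDLED = {".php"}
PHP_MARKERS = (b"<?php", b"<?=")

def exposed_php_sources(docroot, handled=PHP_HANDLED):
    """Return docroot-relative paths of files that contain PHP code but
    would be sent to the browser as plain text when requested directly."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in handled:
                continue  # e.g. extralibrary.inc.php is executed, not shown
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # only the first 64 KiB is inspected
            except OSError:
                continue  # unreadable file: skip it
            if any(marker in head for marker in PHP_MARKERS):
                rel = os.path.relpath(path, docroot)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample: a web root plus an include directory outside it."""
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(docroot, "lib"))
    os.makedirs(os.path.join(base, "incs"))
    samples = {
        "htdocs/index.php": "<?php require '../incs/db.inc'; ?>",
        "htdocs/extralibrary.inc": "<?php $db_pass = 'constructed'; ?>",
        "htdocs/lib/helpers.inc.php": "<?php function h($s) { return $s; } ?>",
        "htdocs/style.css": "body { margin: 0 }",
        "incs/db.inc": "<?php $db_pass = 'constructed'; ?>",
    }
    for rel, body in samples.items():
        with open(os.path.join(base, *rel.split("/")), "w") as fh:
            fh.write(body)
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in exposed_php_sources(build_sample_tree(tmp)):
            print("served as plain text:", rel)
```

In the sample tree only `extralibrary.inc` is reported: the renamed `helpers.inc.php` is handled by PHP, and `incs/db.inc` sits outside the web root, so it is never scanned or served.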

  • Thank You
    Works 100%

    : : I have the following problem. My Apache server is configured to not give directory listings. So in each site the default Index.php is searched for. However, I use extra include files in the main web root with the name of
    : : extralibrary.inc
    : : The problem arises that when I type in
    : : http://www.domain.com/extralibrary.inc
    : : the apache2 web server sends the user the contents of that file, which causes a serious security breach. How do I stop this?
    : :
    : :
    : : Zapperon
    : : ewu@webmail.co.za
    : :
    :
    : If these *.inc files are PHP files, simply rename them to *.inc.php; then they will be processed by the PHP interpreter before the results are sent to the user, and since they are only libs, nothing will be output and no results will be shown.
    :
    : Another alternative is to store the *.inc's outside the server directory, somewhere else on the computer where the user does not have access, e.g. ../../../incs/your incs stored here. You simply use the ../../ pathname in your scripts, but using that in a browser will be futile, since it will simply resolve to the root directory.
    :
    : This should keep your inc's secure.
    :
    : ITA
    : "Let us smite the evil slime eating hordes who may befall us on our quest to be the ultimate programmers of the known universe!"
    :
    :



    Zapperon
    ewu@webmail.co.za
