Skip to Content About Archive Belief Contact Pudding Search

php tip: securing .inc include files


Sunday, August 17, 2008

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

just a quick tip for anyone using .inc files via apache.

add the following to your apache configuration to prevent viewing of .inc files via the web. This will not prevent php from including the files locally

<FilesMatch "\.inc$">
Deny From All
</FilesMatch>

There ya go, now feel free to use .inc files as much as you’d like. Also an fyi - I recommend using .php instead of .inc, security wise a few configuration changes will make both extensions about the same. Mainly it’s for developers. Some developer tools treat .inc differently than .php. So to keep it easier for the developer .php is recommended, but not required.

elsid out

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
Might Be Related
By admin Posted in php, programming You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply


In order to submit a comment, you need to mention your name and your email address (which won't be published). And ... don't forget your comment!

Comment Form