I would like to know if there's any good practices to protect (under an nginx server) PHP files from being downloaded if the PHP service fails, which would make the PHP files downloadable instead of executed.
Asked
Active
Viewed 35 times
0
-
As far as I'm aware if set a handler for PHP files and the handler fails the server will forward the error. The download will happen if the server configuration is somehow not read but in that case the server probably won't serve anything at all. – apokryfos Apr 11 '18 at 13:04
-
1You should put application outside of the document root. Just have an index file that requires the bootstrap file for your application and use a router to handle requests to different urls. Then there's no direct access to any of your PHP files (except your index file, obviously). – M. Eriksson Apr 11 '18 at 13:06