Protecting NinjaFirewall's PHP INI file.

by

NinTechNet


If your installation of NinjaFirewall requires a PHP INI file (php.ini, .user.ini, php5.ini) you may need to deny access to it, depending on your webserver configuration.


Apache HTTP server

You can edit (or create) the .htaccess file located inside the same directory as your INI file:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteRule \.ini$ - [F,L]
</IfModule>

Note: There is no need to protect the .htaccess, because Apache will never serve a file whose name starts with .ht.


Nginx HTTP server

Edit your vhost configuration file and add the following directive inside the server{...} section:

server {
...
   location ~ \.ini$ {
      return 444;
   }
...
}

Note: 444 is a special nginx's non-standard code that will shut down the connection without returning any HTTP response.

Reload your Nginx server:

service nginx reload



NinjaMonitoring

Website Monitoring
for just $4.99 per month.



NinjaFirewall

Web Application Firewall
for PHP and WordPress.



NinjaRecovery

Malware removal
and hacking recovery.

Table of contents