Protecting NinjaFirewall’s PHP INI file.

If your installation of NinjaFirewall requires a PHP INI file (php.ini, .user.ini, php5.ini) you may need to deny access to it, depending on your webserver configuration.

Apache HTTP server

You can edit (or create) the .htaccess file located inside the same directory as your INI file:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteRule \.ini$ - [F,L]

Nginx HTTP server

Edit your vhost configuration file and add the following directive inside the server{...} section:

server {
   location ~ \.ini$ {
      return 444;

Note: “444” is a special nginx’s non-standard code that will shut down the connection without returning any HTTP response.

Reload your Nginx server:

# service nginx reload