I am working on an old project.
The database credentials are stored as JSON in web root in a file like .my_secret and configurations are stored in .my_config – A PHP script reads these files and uses the data for connecting to the database and retrieving other settings.
If someone tries to access this file, I want to throw a 404 error, file not found.
How can I do this using only
.htaccess? I don’t want to use
I tried to move the files outside the web root, but I encountered an
open_basedir restriction in effect
You can simply create a rewrite rule for these files that points to a 404 file:
ErrorDocument 404 /404.php RewriteRule ^(\.my_config|\.my_secret) 404.php [L,nc]
In the 404.php file you can output 404 headers like this:
<?php header('HTTP/1.0 404 Not Found');