# Php.ini File Available Publicly

## Introduction

PHP's 'ini' file is exposed inside the 'cgi-bin' directory. This allows any unauthenticated remote user to discover sensitive information about your server(s), including database logins and passwords.

## How to Test

By default the php.ini file is stored in the public\_html folder on your server. When you visit your domain and add /php.ini at the end of it like the following:

`http://your-domaincom/php.ini`

You will see the contents of your PHP configuration available over the internet.

## How to Fix

To secure your php.ini settings so they are not publicly viewable, you can restrict access to the php.ini and other file types with the following code in your .htaccess.

```
<filesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">   
Order Allow,Deny   
Deny from all  
</filesMatch> 
```

You can add more file types to the restriction by separating each file type in the code with a | and adding the file extension without the ( . )

## Reference

[https://www.inmotionhosting.com/support/website/restrict-public-access-php-ini/  ](https://www.inmotionhosting.com/support/website/restrict-public-access-php-ini/)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://sumeru.gitbook.io/sumeru-cyber-security/common-vulnerabilites/php.ini-file-available-publicly.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.