- This cannot be disabled because of developers policy, even though they could easily resolve this.
- This can only be worked around by using a reverse proxy server (for example Nginx) at a cost of complexity and performance, or manually modifying and recompiling the source code, or binary patching the executable files.
Leaks PHP source code if lacking PHP module
This can happen easily while upgrading a Linux system and using 'sudo apt-get autoremove' to get rid of 'unused' packages which are not properly marked as required, or during upgrade from PHP 5 to PHP 7.0. Workaround:
# Add extra security by preventing access to PHP source code in case of troubles with PHP module.
# (caution if using only 'sudo service apache2 reload' rather than 'sudo service apache2 restart'!).
# source: https://stackoverflow.com/questions/3703449/how-to-prevent-php-files-from-being-downloaded-and-what-are-some-ways-someone-c
Require all denied
'apache2' is a highly configurable and very stable web server. Unfortunately it does not put the user in ultimate control of what is output to the network, but rather the developers/source code compilers.