[英]PHP: prevent direct access to page
I have some pages that I don't want users to be able to access directly. 我有一些页面,我不希望用户直接访问。
I have this function I came up with which works: 我有这个功能,我想出了:
function prevent_direct_access()
{
if($_SERVER['REQUEST_URI'] == $_SERVER['PHP_SELF'])
{
//include_once('404.php');
header("Location: 404.php");
}
}
This does exactly what I want, the URL does not change but the content does. 这正是我想要的,URL不会更改,但是内容会更改。 However I am wondering if there is something I need to add to tell search engines that this is a 404 and not to index it. 但是我想知道是否需要添加一些内容来告诉搜索引擎这是404,而不是对其进行索引。 keep in mind I do not want the URL to change though. 请记住,我不想更改URL。
Thanks! 谢谢!
Don't redirect but send the 404 status code: 不要重定向,但发送404状态代码:
header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
exit;
for the search engines, if you return HTTP status 404 they should not index I believe. 对于搜索引擎,如果您返回HTTP状态404,我认为它们不应索引。 But you could always redirect to somewhere covered by a robots.txt 但是您始终可以重定向到robots.txt覆盖的某个位置
To ensure Search Engines don't index it, use a header()
command to send a 404 lke this; 为确保搜索引擎不会为其编制索引,请使用header()
命令发送404;
header("HTTP/1.0 404 Not Found");
Or put all such files in one folder, "includes" say, and add a "Deny /includes/" into your robots.txt file. 或将所有此类文件放在一个文件夹中,说“ includes”,然后在robots.txt文件中添加一个“ Deny / includes /”。 This way, you can also add a ".htaccess" file in the same directory with one line - "Deny From All" - this will tell Apache to block access (if apache is configured properly), for another layer of security. 这样,您还可以在同一目录中添加一行“ .htaccess”文件-“从所有人拒绝”-这将告诉Apache阻止访问(如果apache配置正确),以获得另一层安全性。
Just to clarify: 只是澄清一下:
(ie "direct" doesn't mean "except by following a link from another page on this site") (即“直接”并不意味着“除非通过跟踪此站点上另一个页面的链接”)
Just keep the PHP file outside the webroot. 只需将PHP文件保留在webroot 之外 。 That way it won't have a URL in the first place. 这样一来,它就不会有URL。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.