Protect php files from direct access
Question
This is what the map of my website looks like:
root:
-index.php
-\actions\ (various php files inside and a .htaccess)
- \includes\ (various php files inside and a .htaccess)
- .htaccess
I know that if I use "deny from all" in actions and includes directories, the files in them will be secured from direct access.
Now, my actions folder has many php files that are called by index.php (forms). I have "deny from all" in .htaccess inside \\actions , but then I have the forbiden access to that files.
So, how can I protect the files from direct url access but have the exception that can be called from index.php ?
2 answers
solution1
6 ACCPTED 2013-06-25 18:38:22
The easiest way is to place a constant in the index.php and check in the other php files if this constant exists. If not, let the script die.
index.php
define('APP', true);
various.php
if(!defined('APP')) die();
solution2
1 2013-06-25 18:40:31
If you want to block using .htaccess then most likely the best way of adding the exception is to add it to the same .htaccess file. If you want to prevent PHP script from working (but not from being "visible"), then simply look for certain condition (like session variable, constant) at the begining of your scripts. Unless these scripts are invoked "the right way", these requirement will not be ment, so it'd be safe to just die() then
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.