How to deny direct access to website files but allow website files to access each other by include 'file.php'?

Question

How to deny direct access to website files if a user from out side want to open them with url but allow website files to access each other by include 'file.php' in php files.

I have a .htaccess file.Can I do this with this ?

Answer 1

You do this by having the PHP files outside of your webroot. Your scripts that actually need to be accessible need to be in or beneath your webroot. You typically see PHP projects these days that have a structure like this:

/projectname
            /app
            /src
            /web

The use of composer for dependency/component library management is the state of the art these days and if you are using it it will create other directories like vendor.

So your front controller or other web accessible scripts go into projectname/web and this is what you set your webroot to.

Your other scripts go into the /projectname/src.

Your include/require statements need a filesystem path, so you can reference them either via relative addressing or using a full path.

Typically people will have a bootstrapping include or use a front controller (everything goes through index.php) where include paths are setup. With component libraries you also want your class loader to be instantiated to resolve any libraries you might be using in your project.

Again the use of composer is highly recommended and will generate your class loader for you, and then it's just a matter of making sure it is included.

Answer 2

This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.

Order deny,allow Deny from all

<Files "index.php">
    Allow from all
</Files>

If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.