I am using apache server. Is there a way to prevent users from accessing my include files directly ? But only allow the server the access to those ?
Put them in a directory outside of the web root.
ie if index.php
is in /var/www/domain.com/www
, put the includes in /var/www/domain.com/includes
or something.
不要将包含文件放在文档根目录下(即apache交付给用户的文件树之外)。
Another way is to have the include files outside of the directory the site is served from. For example:
/
includes/somefile.php
http/index.php
So the Web site is served from http/, but includes are outside of that directory, meaning no one can access them directly from a Web browser, but your scripts can include them like this:
<?php
require_once '../includes/somefile.php';
[...]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.