stackoom
  简体   繁体   中英

How can I prevent users from accessing include files?

 原文  2011-10-09 16:44:09       php/ apache/ include

Question

I am using apache server. Is there a way to prevent users from accessing my include files directly ? But only allow the server the access to those ?

3 answers

solution1
 2  2011-10-09 16:48:53

Put them in a directory outside of the web root.

ie if index.php is in /var/www/domain.com/www , put the includes in /var/www/domain.com/includes or something.

solution2
 2  2011-10-09 16:50:03

不要将包含文件放在文档根目录下(即apache交付给用户的文件树之外)。

solution3
 2 ACCPTED  2011-10-09 16:52:02

Another way is to have the include files outside of the directory the site is served from. For example: 

/
    includes/somefile.php
    http/index.php

So the Web site is served from http/, but includes are outside of that directory, meaning no one can access them directly from a Web browser, but your scripts can include them like this: 

<?php
require_once '../includes/somefile.php';
[...]

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I prevent “include files” from being seen by users? How to prevent users from accessing files on server? How to prevent users from accessing files directly from url? How do I prevent users from accessing other users records? How can I prevent two users from accessing MySQL table at the same time? how do i prevent logged in users from accessing the login page? How to prevent users from accessing admin pages Prevent people from accessing your classes and include files directly Prevent users from accessing php files by typing it directly how to prevent plugin from accessing config files
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM