I have three pages:
index.html
getjavascript.php?id=index
index.js
index.html includes the script
'getjavascript.php?id=index'
and getjavascript dynamically gets the script index.js.
Is there any way to prevent external users from directly accessing
getjavascript.php
using PHP?
index.js is in a hidden location.
Thanks,
I'm assuming that index.html contains an include similar to the snippet below (assumption is that we're doing a client-side pull of this javascript).
<script type="text/JavaScript" src="getjavascript.php?id=index" />
If your intent is to hide secrets within the javascript file, there is no way of stopping a user from retrieving the contents. They can trivially use developer tools to view the contents. Furthermore, because the browser needs to download the file, there's not really a way to distinguish between a user accessing directly versus a browser retrieving this file.
If your intent is to obfuscate the fact that your server is using PHP, you can use mod_rewrite
to remove the extension.
Server side includes are a different story and modifications to .htaccess
or moving this file outside of your webroot directory would work.
It's possible by using htaccess.
Redirect /getjavascript.php http://example.com/newdirectory/
Now I see two ways to solve your problem
Put the include script outside of the document root. For example, if you have your root in public_html
, create a folder outside public_html
to put your included files in. That way, your script can read them but random people on the internet can't.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.