Reputation: 93
Use htaccess to allow POST, but block browsing PHP files
I have a directory with PHP files I do not want anonymous users to view or bots to index. However, I do want anonymous HTTP POST request-resposes to the PHP files to work (i.e. from other PHP forms on various websites).
Will it be this?
<Limit POST GET>
allow from all
</Limit>
<files "*.php">
deny from all
</files>
My PHP script processes posted data and then performs a POST to another web-service. Will the .htaccess block post-response communications from the protected PHP script?
Upvotes: 0
Views: 2054
Answers (2)
Reputation: 91762
I don't know if you can do that with an .htaccess file (you probably can, but I've never done it...), but if you have publicly accessible php files that you only want to post to, you can use something like this in every script:
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
// post request, do your stuff
}
else
{
// not a post request, redirect, show error message, etc.
}
Upvotes: 0
Reputation: 3763
You don't need to do anything. PHP can't be viewed from outside. At all. The only way to see PHP code is to somehow gain access to the computer on which it is held: this is because PHP is parsed and executed by the server to generate the HTML which is shown to the client. In other words, as long as someone has not hacked into your actual server computer, they can't see your PHP.
Upvotes: 2
Related Questions
- Block access to PHP file using .htaccess
- Prevent direct access to .php files in .htaccess
- deny access of php file from url htaccess
- .htaccess deny php files from all except index
- How to forbid HTTP access to PHP files?
- Block direct HTTP access to a PHP File
- .htaccess deny access to just PHP files
- How to block direct requests to php files in specified directory?
- Prevent access to files from Apache without .htaccess
- PHP htaccess - allow disallow