Reputation: 1361
Protect php files from direct access
This is what the map of my website looks like:
root:
-index.php
-\actions\ (various php files inside and a .htaccess)
- \includes\ (various php files inside and a .htaccess)
- .htaccess
I know that if I use "deny from all" in actions and includes directories, the files in them will be secured from direct access.
Now, my actions folder has many php files that are called by index.php (forms).
I have "deny from all" in .htaccess inside \actions, but then I have the forbiden access to that files.
So, how can I protect the files from direct url access but have the exception that can be called from index.php?
Upvotes: 5
Views: 5056
Answers (2)
Reputation: 75635
If you want to block using .htaccess then most likely the best way of adding the exception is to add it to the same .htaccess file. If you want to prevent PHP script from working (but not from being "visible"), then simply look for certain condition (like session variable, constant) at the begining of your scripts. Unless these scripts are invoked "the right way", these requirement will not be ment, so it'd be safe to just die() then
Upvotes: 1
Reputation: 1911
The easiest way is to place a constant in the index.php and check in the other php files if this constant exists. If not, let the script die.
index.php
define('APP', true);
various.php
if(!defined('APP')) die();
Upvotes: 8
Related Questions
- Prevent PHP code from executing if form was not submitted
- Disable direct access to php file
- Prevent direct access to .php files in .htaccess
- PHP - how to prevent .php files from direct access
- Prevent direct url access to files
- Deny direct access to files in folder
- Deny direct access to files using htaccess
- How to prevent direct access to files?
- Block direct access to PHP files
- Preventing direct access to php files