Reputation: 57
Restrict direct access to .php files through browser and allow only index.php to access them
I have a script on my website allowing users to edit/create their account. I want to restrict direct access to the files through browser (ex.www.mydomain.com/cp/page/login.php or www.mydomain.com/cp/home.php) and allow only index.php to access these files. I tried with .htaccess but index.php cant access them. Also i can't move them out of public_html folder. Its not include folder. How i can achive that? Please let me now if you need something else.
Upvotes: 2
Views: 5464
Answers (2)
Reputation: 78974
One common way in PHP is to define something in index.php and check for it in the others:
//index.php
define('INDEX', true);
if(isset($_GET['page'])) {
if($_GET['page'] == 'home') {
include('cp/home.php');
}
}
//home.php
if(!defined('INDEX') { die(); }
//more code
Upvotes: 2
Reputation: 784878
One way of doing that is by using include or require calls from PHP:
include '/path/to/script.php';
include is handled by PHP on server side hence Apache blocks will not impact this.
Then you can keep your existing <Files> directives to block access to .php file:
<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
Upvotes: 5
Related Questions
- Block direct access to .php files, less the index.php file and ajax.php file
- Deny direct access to all .php files except index.php
- Prevent direct access to .php files in .htaccess
- PHP - how to prevent .php files from direct access
- .htaccess deny php files from all except index
- .htaccess deny access to just PHP files
- How to block access to all .php except index.php in root folder (via .htaccess)?
- Deny access to .php files apart from the server itself
- Protect php files from direct access
- .htaccess how can i allow access to pages only through the index.php page