Reputation: 5027
Deny access to .php files apart from the server itself
How can I write a .htaccess script that prevents the user from running .php files in a certain directory and it's child directories?
I would need to be able to include the php file from the servers index.php or other files though, basically I want to enable to the server to to include the php files from a certain directory but, if the user were to type in the specific URL, it would deny access.
Upvotes: 0
Views: 177
Answers (2)
Reputation: 4079
I usually do something like this:
If I want a user to access a file, say members.php or index.php
<?php
$GLOBAL_PAGE="page name"; //set the 'visible' flag
include_once 'headers.php'
...
?>
In headers.php:
<?php
if(!page_is_authorized($GLOBAL_PAGE))
//redirect to a valid page
header( 'Location: index.php' );
....
?>
where page_is_authorized($s) checks $s against a list of valid values.
I know this doesn't use .htaccess rules as you requested but I usually don't have access to that file so there goes. It's portable too!
Upvotes: 0
Reputation: 33551
This could do the trick
<FilesMatch "\.php$">
Deny from all
<FilesMatch>
Also, see the answers to this question: Deny direct access to all .php files except index.php
Upvotes: 1
Related Questions
- Deny direct access to all .php files except index.php
- Block access to PHP file using .htaccess
- Prevent direct access to .php files in .htaccess
- htaccess deny access to all php files except specific one
- PHP - how to prevent .php files from direct access
- deny access of php file from url htaccess
- Deny access to all PHP files in a directory using .htaccess
- .htaccess deny access to just PHP files
- restrict access on php file from all except one file
- Prevent access to files from Apache without .htaccess