CODEWITHSUNDEEP
phpapachehttpfile-permissionsweb-hosting
Shawn A
Shawn A

Reputation: 107

How to disallow PHP file requests from outside web server on shared hosting

In the situation where you have a Shared Hosting plan with a provider like GoDaddy without full access to the server, is there anything i can do to disallow outside HTTP requests for *.php files?

If anyone has experience with shared hosting or with GoDaddy specifically that would be appreciated. Im with GoDaddy and the only thing i can try is to mess with User/Group/World permissions of a php file, but no combinations enables server-only access to a file. And, obviously, i don't have access to the apache server's config file which is the easiest solution.

Upvotes: 0

Views: 148

Answers (1)

user2182349
user2182349

Reputation: 9782

outside HTTP requests for *.php files

I'll interpret this as requests from outside a set of people you're willing to share the pages with. You want to limit access to your site.

Easiest approach -

Use an .htaccess file in DocumentRoot that limits access by IP address (if you are willing to force all the people who use the files to work from a limited set of IP addresses)

https://httpd.apache.org/docs/current/howto/htaccess.html

For Apache 2.2, in the .htaccess file, put 

Order Deny,Allow
Deny from all
Allow from 1.2.3.4

For Apache 2.4, use

Require ip 1.2.3.4

Another quick solution would be to password protect the directory with the .php files. The configuration would look something like this:

AuthType Basic
AuthName "Restricted Files"
# (Following line optional)
AuthBasicProvider file
AuthUserFile "/usr/local/apache/passwd/passwords"
Require user goodguy

https://httpd.apache.org/docs/current/howto/auth.html#lettingmorethanonepersonin

You may want to find hosting with SSH access to give you more control.

Upvotes: 1

Related Questions