Reputation: 33956
How to make .PHP file only accessible to the server?
I created a cron job through goDaddy control center.
The cron job is in the folder "cron jobs".
I don't want anyone to be able to run it, how should I set the permissions of the folder so that it can't be publicly opened but it still can be used for the cron job?
Will unchecking Public > Read be enough to prevent anyone from running it?
Upvotes: 5
Views: 7103
Answers (5)
Reputation: 2327
Another possible solution if the file is meant to be used exclusively as an include() and not ran standalone by a user who enters it in the url.
Place this code at the top of the file you want to block direct calling of.
if(basename($_SERVER['PHP_SELF']) == 'blockedFile.php')
{
header('Location: ./index.php');
exit();
}
PHP checks if the file's name is the one being ran directly. If blockedFile.php were included in index.php with include() then basename($_SERVER['PHP_SELF']) would equal index.php. If it were standalone, it would equal blockedFile.php and send the user back to the index page.
Upvotes: 2
Reputation: 10781
One option that you have is to use the $_SERVER values to see if it is a web request or a cli request.
See http://php.net/manual/en/reserved.variables.server.php
I would look at checking to see if the $_SERVER['argv'] value is set at the start of your script(s). If it's not set then exit the script.
Alternatively you can check to see if $_SERVER['SERVER_ADDR'] is set, which would mean it's being executed by the webserver.
Note that I don't have a godaddy account handy to test this, so ensure you verify before going live.
Upvotes: 1
Reputation: 4060
In .htaccess add this.
<Location /cronjobs>
order deny,allow
deny from all
allow from 127.0.0.1
</Location>
I included allow from 127.0.0.1 so it can be run from the server, i.e. so the cron can still run.
Upvotes: 5
Reputation: 14113
Put it in a directory, and in that directory create a file called .htaccess with this inside:
<FILESMATCH "\.php$">
order deny,allow
deny from all
</FILESMATCH>
Now only the server can access PHP files inside that directory. Example, by include or require.
This is useful for keeping your MySQL password safe, you can put the connection function inside a PHP file in this "protected" directory and include it into your scripts.
Upvotes: 2
Reputation: 116110
Just put the files outside of the webroot/document root folder.
Upvotes: 9
Related Questions
- How to disallow PHP file requests from outside web server on shared hosting
- deny access of php file from url htaccess
- How to protect my php files on the server from being requested
- how to let only my server access to a webpage?
- Restricting direct access to php file
- restrict access on php file from all except one file
- Deny access to .php files apart from the server itself
- File readable & writable only by server php and not from client
- How to restrict access to a PHP file?
- PHP only allow server to access a PHP file