PHP: block browser requests

Question

My website build from many pages , those pages split to two categories , one the "html" files and the "core" files which contain the functions and the server-side code that the "html" file need , their both PHP files.

There is situation that the "core" files can be requested not from the "html" files and i want to block this.

i want that the "core" files will be only able to open only if the "html" files requested them , else it will show the 404 error , is that possible?

note*: i said earlier , the "html" and the "core" files are both PHP files.

thank you in advance!

Answer 1

Make an validation code in your Core.

Somehting like, validate a constant "html", if it's defined, then run the code, if not, then throw 404 error.

https://www.php.net/manual/pt_BR/function.constant.php

Other way is to block using htaccess if you are using apache server.

HTML (php file)

define('HTML');

Core (php file)

if(!defined('HTML')) { /* Display 404 error */ }

Answer 2

You could use an .htaccess to restrict access to the files in question.

eg. If the "core files" have a .php extension while all the others have .html you could add to .htaccess something like:

<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>

Or if all of your "core files" are in a directory you could limit access by entering

<Directory ~ "\core">
Order allow,deny
Deny from all
</Directory>

Remember to have AllowOveride All in order for apache to use the .htaccess you have specified.

Answer 3

You either control it through server settings or better move them out of your document root.