All geek questions in one place

Protect php files from direct access

Here's what the map of my website looks like:

root: -index.php -\actions\ (various php files inside and a .htaccess) - \includes\ (various php files inside and a .htaccess) - .htaccess

I know that if I use "deny from all" in actions and include directories, the files in them will be protected from direct access.

Now my actions folder contains many php files that index.php (forms) calls. I have "deny from all" in .htaccess inside \actions , but then I have restricted access to these files.

So, how can I protect files from direct access to the url, but has an exception that can be called from index.php ?

+4
source share
2 answers

The easiest way is to put the constant in index.php and check other php files if this constant exists. If not, let the script die.

index.php

 define('APP', true);

various.php

 if(!defined('APP')) die();
+6
source

If you want to block the use of .htaccess , then most likely the best way to add an exception is to add it to the same .htaccess file. If you want the PHP script to not work (but not be "visible"), just try to find a specific condition (for example, a session variable, constant) at the beginning of your scripts. If these scripts are not called in the β€œcorrect way”, this requirement will not be fulfilled, so it would be safe only to die() , and then

+1
source

Source: https://habr.com/ru/post/1488149/

More articles:


All Articles