All geek questions in one place

Permission only to the local host to access the folder where all included php files exist

We all have php files such as "connect_db.php" for inclusion purposes only.

Suppose I have all these included .php files in "www / html / INC"

And I have index.php

I want index.php to be accessible from the browser to everyone, but I want to prevent users from directly accessing the www / html / INC folder. (for example, when entering in the browser "www.domain.com/INC/" → 404 errors, etc.)

How do I achieve this?

It is preferable to use the .htaccess file in the root directory.

+6
source share
5 answers

How do I achieve this?

not to do. According to my previous answer , it is much safer to put connect_db.php in / www / rather than in / www / html / INC /. If you do this, you will use /www/html/.htaccess:

<Directory "/www/html/INC"> order allow,deny deny from all </Directory>
+5
source

Sort of

 <Directory /INC> Order deny,allow Deny from all Allow from 127.0.0.1 </Directory>

must work.

+10
source

Google searches brought me here, so I decided that today I would publish what I found in apache docs . I'm not sure which apache versions are available, but search your version to check.

Now you can just use Require local . I would recommend placing .htaccess in the folder from which you want to restrict access, only with this line. However, if you must do this in the root directory, then this is what it will be:

 <Directory "www/html/INC"> Require local </Directory>
+3
source

Starting with Apache 2.4, Require is the way to go.

eg. the following prohibits access to the directory /www/html/INC anyone other than localhost :

 <Directory "/www/html/INC"> Require all granted Require ip 127.0.0.1 </Directory>
+2
source

Move connect_db.php to a higher level in the directory tree than the public directory.
And all scripts that also should not be executable.

/home/user/project/incs/ - here are your inclusive scripts
/home/user/project/www/html - here are your index.php and other executable scripts.

+1
source

Source: https://habr.com/ru/post/889944/

More articles:


All Articles