Only allow script to run or get request from the PHP files on the web server.
http://example.com/libs/comment.php
Here this comment.php is just an example. The libs folder contains lots of files, and the above applies to all of them. My preference is to use a .htaccess method or a mode-rewrite of the folder like 666,777 etc.
I know this is not a real question; I am asking just to improve security and make sites almost secure.
Well, the simplest way to do this, is define a constant in your front controller (presumably, index.php):
define('SECURE', true);
Then, test for it at the beginning of any included file:
!defined('SECURE') and exit;
This will prevent any client-side access (including calling assets from the page, via JavaScript, or src attributes; everything really).
Other provisions best be made for security, as recommended in other answers.
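The guard from the answer above, exercised end to end as an added example that is not part of the original answer: it writes a throwaway index.php and libs/comment.php, then runs each as its own entry script the way the web server would for a request. The temporary directory, the `render_comment` function and the 404 status are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original answer. Run with: php demo.php
declare(strict_types=1);

// Build a throwaway tree: <tmp>/index.php and <tmp>/libs/comment.php (constructed sample files).
$root = sys_get_temp_dir() . '/secure_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/libs', 0700, true);

// Front controller: defines the flag, then includes the library file.
file_put_contents($root . '/index.php', <<<'PHP'
<?php
define('SECURE', true);
require __DIR__ . '/libs/comment.php';
echo render_comment('<b>hi</b>'), "\n";
PHP);

// Library file: the guard is the first statement, before any other code or output.
file_put_contents($root . '/libs/comment.php', <<<'PHP'
<?php
if (!defined('SECURE')) {
    http_response_code(404); // fail closed with an error status instead of a blank 200
    exit;
}
function render_comment(string $text): string // hypothetical library function
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}
PHP);

// Run a file as the entry script in a separate PHP process and capture its output.
function run_entry(string $script): string
{
    $cmd = escapeshellarg(PHP_BINARY) . ' ' . escapeshellarg($script);
    return trim((string) shell_exec($cmd));
}

printf("via index.php : %s\n", var_export(run_entry($root . '/index.php'), true));
printf("direct request: %s\n", var_export(run_entry($root . '/libs/comment.php'), true));

// Clean up the temporary files.
unlink($root . '/libs/comment.php');
unlink($root . '/index.php');
rmdir($root . '/libs');
rmdir($root);
```

The guard only protects a file if it runs before anything else in that file, so it has to be repeated at the top of every file in libs.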