This is what the map of my website looks like:
root:
-index.php
-\actions\ (various php files inside and a .htaccess)
- \includes\ (various php files inside and a .htaccess)
- .htaccess
I know that if I use "deny from all" in actions and includes directories, the files in them will be secured from direct access.
Now, my actions folder has many php files that are called by index.php
(forms).
I have "deny from all" in .htaccess
inside \actions
, but then I have the forbiden access to that files.
So, how can I protect the files from direct url access but have the exception that can be called from index.php
?
The easiest way is to place a constant in the index.php and check in the other php files if this constant exists. If not, let the script die.
index.php
define('APP', true);
various.php
if(!defined('APP')) die();
If you want to block using .htaccess
then most likely the best way of adding the exception is to add it to the same .htaccess
file. If you want to prevent PHP script from working (but not from being "visible"), then simply look for certain condition (like session variable, constant) at the begining of your scripts. Unless these scripts are invoked "the right way", these requirement will not be ment, so it'd be safe to just die()
then
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With