Asked  2 Years ago    Answers:  5   Viewed   637 times

Here is the scenario:

  • There is a index.php file in root folder
  • some files are included in index.php which are in the includes folder.
  • 1 other file (submit.php) is in the root folder for form submit action.

I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file. Like, if user types, it will restrict it (may be redirect to a error page).



I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.

Thursday, August 11, 2022

Better to have separate clean rules. Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

RewriteRule ^index.php$ - [L]

RewriteRule ^([^/]+)/?$ /index.php?page=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/?$ /index.php?page=$2&lang=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/([0-9]+)/?$ /index.php?page=$2&lang=$1&article=$3 [L,QSA]

RewriteRule ^([^/]+)/([0-9]+)/?$ /index.php?page=$1&article=$2 [L,QSA]
Wednesday, August 17, 2022

There are lots of solutions, but basically you need to generate the page only if the session is valid. If not valid, shunt user to a non-access display. If you have this and it seems not to work, perhaps you should post some code.

Sunday, November 13, 2022

This is fairly tricky stuff but can be done using following Rewrite rules:

RewriteEngine On

# first replace each _ by - recursively
RewriteRule ^(item)/([^_]*)_(.*)$ /$1/$2-$3 [L,NC]

# now usual stuff to forward request to static/item.php
RewriteRule ^(item)/([^_/]*)/?([^_/]*)/?$ static/$1.php?a=$2&b=$3 [L,QSA,NC]
Friday, September 9, 2022

Check my blog post about this: How to hide users files and folders on your website?

There are two solutions for doing that:

1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “” you can put the “UsersUploads” there “c:UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.

2- Stop IIS from serving this folder:

IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….

Wednesday, October 5, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :

Browse Other Code Languages