Asked  2 Years ago    Answers:  5   Viewed   637 times

Here is the scenario:

  • There is a index.php file in root folder
  • some files are included in index.php which are in the includes folder.
  • 1 other file (submit.php) is in the root folder for form submit action.

I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file. Like, if user types www.domain.com/includes/somepage.php, it will restrict it (may be redirect to a error page).

 Answers

3

I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.

Thursday, August 11, 2022
3

Better to have separate clean rules. Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

RewriteRule ^index.php$ - [L]

RewriteRule ^([^/]+)/?$ /index.php?page=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/?$ /index.php?page=$2&lang=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/([0-9]+)/?$ /index.php?page=$2&lang=$1&article=$3 [L,QSA]

RewriteRule ^([^/]+)/([0-9]+)/?$ /index.php?page=$1&article=$2 [L,QSA]
Wednesday, August 17, 2022
 
2

There are lots of solutions, but basically you need to generate the page only if the session is valid. If not valid, shunt user to a non-access display. If you have this and it seems not to work, perhaps you should post some code.

  • http://www.astahost.com/info.php/simple-user-validation-script_t14857.html
  • http://www.puremango.co.uk/2004/12/php_pass_81
Sunday, November 13, 2022
 
2

This is fairly tricky stuff but can be done using following Rewrite rules:

RewriteEngine On

# first replace each _ by - recursively
RewriteRule ^(item)/([^_]*)_(.*)$ /$1/$2-$3 [L,NC]

# now usual stuff to forward request to static/item.php
RewriteRule ^(item)/([^_/]*)/?([^_/]*)/?$ static/$1.php?a=$2&b=$3 [L,QSA,NC]
Friday, September 9, 2022
 
1

Check my blog post about this: How to hide users files and folders on your website?

There are two solutions for doing that:

1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:websiteexample.com” you can put the “UsersUploads” there “c:UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.

2- Stop IIS from serving this folder:

IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….

Wednesday, October 5, 2022
 
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 

Browse Other Code Languages