Asked  7 Months ago    Answers:  5   Viewed   42 times

Here is the scenario:

  • There is a index.php file in root folder
  • some files are included in index.php which are in the includes folder.
  • 1 other file (submit.php) is in the root folder for form submit action.

I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file. Like, if user types www.domain.com/includes/somepage.php, it will restrict it (may be redirect to a error page).

 Answers

73

I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.

Wednesday, March 31, 2021
 
lena
answered 7 Months ago
69

Better to have separate clean rules. Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

RewriteRule ^index.php$ - [L]

RewriteRule ^([^/]+)/?$ /index.php?page=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/?$ /index.php?page=$2&lang=$1 [L,QSA]

RewriteRule ^([a-z]{2})/([^/]+)/([0-9]+)/?$ /index.php?page=$2&lang=$1&article=$3 [L,QSA]

RewriteRule ^([^/]+)/([0-9]+)/?$ /index.php?page=$1&article=$2 [L,QSA]
Wednesday, March 31, 2021
 
Bharanikumar
answered 7 Months ago
52

There are lots of solutions, but basically you need to generate the page only if the session is valid. If not valid, shunt user to a non-access display. If you have this and it seems not to work, perhaps you should post some code.

  • http://www.astahost.com/info.php/simple-user-validation-script_t14857.html
  • http://www.puremango.co.uk/2004/12/php_pass_81
Wednesday, March 31, 2021
 
Muazam
answered 7 Months ago
78

This is fairly tricky stuff but can be done using following Rewrite rules:

RewriteEngine On

# first replace each _ by - recursively
RewriteRule ^(item)/([^_]*)_(.*)$ /$1/$2-$3 [L,NC]

# now usual stuff to forward request to static/item.php
RewriteRule ^(item)/([^_/]*)/?([^_/]*)/?$ static/$1.php?a=$2&b=$3 [L,QSA,NC]
Saturday, May 29, 2021
 
Owen
answered 5 Months ago
50

Check my blog post about this: How to hide users files and folders on your website?

There are two solutions for doing that:

1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:websiteexample.com” you can put the “UsersUploads” there “c:UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.

2- Stop IIS from serving this folder:

IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….

Thursday, July 29, 2021
 
inVader
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :