parka Posted June 3, 2008 Share Posted June 3, 2008 How can I prevent access to a directory when users type in the URL address? E.g. Users should be redirected back to homepage when accessing, let's say, the 'inc' directory. - webpage.com/inc - webpage.com/inc/login_user.php - webpage.com/inc/data/registration.php But I would need the PHP scripts to be able to access the 'inc' folder because the processing files are there. I tried mod_rewrite, but it would redirect the address with everything appended behind. If I try to access "http://webpage.com/inc/somefile.php", I would get redirected to "http://webpage.com/somefile.php". It should be redirected to "http://webpage.com" instead. Wondering if it's the right place to use mod_rewrite Thanks in advance for any help. Quote Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/ Share on other sites More sharing options...
wildteen88 Posted June 3, 2008 Share Posted June 3, 2008 Post your rewrite rule here. PHP will not be affected by mod_rewrite rules. Quote Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-556704 Share on other sites More sharing options...
parka Posted June 4, 2008 Author Share Posted June 4, 2008 RewriteRule / http://localhost I'm using the above rewriteRule. It seems that I won't be able to do any processing because I can't reach my processing PHP files. E.g. When I try to login with name and password, I'll get redirected back to the same page, with nothing happening. If I were to just put a "index.php" file in every directory, does that solve anything? It might be harder for intruders to understand the directory structure. If the intruders type in something like "http://webpage.com/inc/login.php", they will get a blank document parsed back. I'm just worried about security. Quote Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-557138 Share on other sites More sharing options...
wildteen88 Posted June 4, 2008 Share Posted June 4, 2008 Place a .htaccess file in your inc directory and use the following: order allow,deny deny from all This will prevent anyone from accessing yoursite.com/inc or yoursite.com/inc/somefile.php This will not stop your PHP scripts from working. PHP does not use Apache when including files via include/require. PHP will use the filesystem defined by the operating system. Quote Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-557642 Share on other sites More sharing options...
parka Posted June 5, 2008 Author Share Posted June 5, 2008 It seemed when I used "deny from all" in .htaccess file, the page won't be able to call up the processing files inside the "inc" folders. I'll get a 500 Internal server error. The most drastic measure I guess would be to put the "inc" folder outside of the web folder. That will require rewrite for quite some code. Quote Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-558045 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.