parka Posted June 3, 2008 Share Posted June 3, 2008 How can I prevent access to a directory when users type in the URL address? E.g. Users should be redirected back to homepage when accessing, let's say, the 'inc' directory. - webpage.com/inc - webpage.com/inc/login_user.php - webpage.com/inc/data/registration.php But I would need the PHP scripts to be able to access the 'inc' folder because the processing files are there. I tried mod_rewrite, but it would redirect the address with everything appended behind. If I try to access "http://webpage.com/inc/somefile.php", I would get redirected to "http://webpage.com/somefile.php". It should be redirected to "http://webpage.com" instead. Wondering if it's the right place to use mod_rewrite Thanks in advance for any help. Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/ Share on other sites More sharing options...
wildteen88 Posted June 3, 2008 Share Posted June 3, 2008 Post your rewrite rule here. PHP will not be affected by mod_rewrite rules. Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-556704 Share on other sites More sharing options...
parka Posted June 4, 2008 Author Share Posted June 4, 2008 RewriteRule / http://localhost I'm using the above rewriteRule. It seems that I won't be able to do any processing because I can't reach my processing PHP files. E.g. When I try to login with name and password, I'll get redirected back to the same page, with nothing happening. If I were to just put a "index.php" file in every directory, does that solve anything? It might be harder for intruders to understand the directory structure. If the intruders type in something like "http://webpage.com/inc/login.php", they will get a blank document parsed back. I'm just worried about security. Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-557138 Share on other sites More sharing options...
wildteen88 Posted June 4, 2008 Share Posted June 4, 2008 Place a .htaccess file in your inc directory and use the following: order allow,deny deny from all This will prevent anyone from accessing yoursite.com/inc or yoursite.com/inc/somefile.php This will not stop your PHP scripts from working. PHP does not use Apache when including files via include/require. PHP will use the filesystem defined by the operating system. Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-557642 Share on other sites More sharing options...
parka Posted June 5, 2008 Author Share Posted June 5, 2008 It seemed when I used "deny from all" in .htaccess file, the page won't be able to call up the processing files inside the "inc" folders. I'll get a 500 Internal server error. The most drastic measure I guess would be to put the "inc" folder outside of the web folder. That will require rewrite for quite some code. Link to comment https://forums.phpfreaks.com/topic/108538-preventing-access-to-directory-path-from-client-browsers/#findComment-558045 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.