php security problem please help

[realnsleo]

hi everyone .. i have just finished developing a web application i hope to put on the www very soon. however my application has various folders that i dont want the public to access directly through a URL for example the images, config and includes folder which contain database and php scripts containing classes and functions and so on..

secondly in the includes folder for example i have a file called functions.php. so when someone accesses www.mysitename.com/includes/functions.php, i want a message to be output saying file cannot be accessed.

 

can anyone please tell me how i can go about this. thank you

[Daniel0]

If you don't want people to access it, then place it above the document root.

[sKunKbad]

If you can modify or create an .htaccess file, you can put the following in it, and people will not be able to browse your directories:

 

Options -Indexes

 

And to keep people from accessing a file directly, you can you mod_rewrite with a rewrite rule such as:

 

RewriteRule ^functions.php - [F,L]

 

or use something like this:

 

<Files functions.php>

order deny,allow

deny from all

allow from yourwebsite.com

</Files>

[realnsleo]

thanks alot. that helped a bunch