realnsleo Posted May 16, 2009 Share Posted May 16, 2009 hi everyone .. i have just finished developing a web application i hope to put on the www very soon. however my application has various folders that i dont want the public to access directly through a URL for example the images, config and includes folder which contain database and php scripts containing classes and functions and so on.. secondly in the includes folder for example i have a file called functions.php. so when someone accesses www.mysitename.com/includes/functions.php, i want a message to be output saying file cannot be accessed. can anyone please tell me how i can go about this. thank you Link to comment https://forums.phpfreaks.com/topic/158399-php-security-problem-please-help/ Share on other sites More sharing options...
Daniel0 Posted May 16, 2009 Share Posted May 16, 2009 If you don't want people to access it, then place it above the document root. Link to comment https://forums.phpfreaks.com/topic/158399-php-security-problem-please-help/#findComment-835368 Share on other sites More sharing options...
sKunKbad Posted May 16, 2009 Share Posted May 16, 2009 If you can modify or create an .htaccess file, you can put the following in it, and people will not be able to browse your directories: Options -Indexes And to keep people from accessing a file directly, you can you mod_rewrite with a rewrite rule such as: RewriteRule ^functions.php - [F,L] or use something like this: <Files functions.php> order deny,allow deny from all allow from yourwebsite.com </Files> Link to comment https://forums.phpfreaks.com/topic/158399-php-security-problem-please-help/#findComment-835370 Share on other sites More sharing options...
realnsleo Posted May 16, 2009 Author Share Posted May 16, 2009 thanks alot. that helped a bunch Link to comment https://forums.phpfreaks.com/topic/158399-php-security-problem-please-help/#findComment-835551 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.