Jump to content

Recommended Posts

Hello everyone,

 

What is the best method of blocking direct access to certain files like functions, modules, and etc?

 

I was trying the

if ( ! defined('BASEPATH')) exit('No direct script access allowed');

method but I feel like there must be a more convenient/better way.

 

Any suggestions are appreciated, thank you.

Link to comment
https://forums.phpfreaks.com/topic/257997-block-direct-access-to-certain-pages/
Share on other sites

Put all the auxiliary files into a folder that is either outside (closer to the disk root) your htdocs folder or if you can only put folders inside your htdocs folder, use a .htaccess file to prevent all http requests to the files in that folder.

Put all the auxiliary files into a folder that is either outside (closer to the disk root) your htdocs folder or if you can only put folders inside your htdocs folder, use a .htaccess file to prevent all http requests to the files in that folder.

 

Aside from being easier, this is more secure as well right?

The security is the same for either method.

 

However, by preventing the http request for the files in the first place, you will save some server resources if someone does start trying to directly request the file. For the case of putting the conditional test in each file, if the file is requested, the php language engine will be invoked, the entire file will be parsed and tokenized, then execution will start until it reaches and evaluates the if(){} statement.

The security is the same for either method.

 

However, by preventing the http request for the files in the first place, you will save some server resources if someone does start trying to directly request the file. For the case of putting the conditional test in each file, if the file is requested, the php language engine will be invoked, the entire file will be parsed and tokenized, then execution will start until it reaches and evaluates the if(){} statement.

 

Understood, thank you very much for the in-depth explanation.

 

On a side note, this may seem like a bit of an unorthodox request, but seeing that you have an immense amount of posts/rep, do you think you could take a look at my other post regarding "base url" in php? I have been going at it for a few hours and I am breaking my head over this. I am very sorry if this causes any offence, this will be the only time.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.