0

I am using apache server. Is there a way to prevent users from accessing my include files directly ? But only allow the server the access to those ?

Improve this question
1

3 Answers 3

Reset to default
2

Another way is to have the include files outside of the directory the site is served from. For example:

/ includes/somefile.php http/index.php

So the Web site is served from http/, but includes are outside of that directory, meaning no one can access them directly from a Web browser, but your scripts can include them like this:

<?php require_once '../includes/somefile.php'; [...]
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

Put them in a directory outside of the web root.

i.e. if index.php is in /var/www/domain.com/www, put the includes in /var/www/domain.com/includes or something.

Improve this answer

Comments

2

Do not put the include files under the document root (i.e. outside the file tree that apache delivers to the user).

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.