Home >Backend Development >PHP Tutorial >How to Restrict Direct Access to PHP Files (Except Index.php)?
How to Restrict Direct Access to PHP Files (Except Index.php)?
- DDDOriginal
- 2024-10-24 10:54:291152browse
Preventing Direct Access to .php Files
Securing .php files from direct access is crucial for website protection. This article addresses the need to restrict access to all .php files except index.php, ensuring that files are only accessed through PHP include.
Solution:
To deny direct access to all .php files except index.php, follow these steps:
- Ensure that your Apache server has mod_access installed.
- Add the following code to your .htaccess file located in the same folder as your PHP files:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
Explanation:
- The first directive, Order Deny,Allow, denies access to all files by default.
- Allow from 127.0.0.1 creates an exception for localhost, allowing access to files from the local machine.
- The second directive,
... , specifically applies the rules to index.php, allowing access to this file from all IP addresses.
Additional Considerations:
- To allow access to specific files, such as .css or .js, use the following code:
<FilesMatch ".*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
- Note that you cannot use
or directives in .htaccess files to achieve this result.
Caution:
- Use the above solution with care, as it could restrict access to essential files, such as images and scripts.
Update for Apache 2.4:
For Apache 2.4, use Require all denied instead of Deny from all in the first directive.
The above is the detailed content of How to Restrict Direct Access to PHP Files (Except Index.php)?. For more information, please follow other related articles on the PHP Chinese website!