阻止直接访问php包含文件 [英] Prevent direct access to a php include file

问题描述

我有一个php文件，我将作为一个包含使用。因此，当我通过输入URL而不是被包含来直接访问它时，我想抛出一个错误而不是执行它。

I have a php file which I will be using as exclusively as an include. Therefore I would like to throw an error instead of executing it when it's accessed directly by typing in the URL instead of being included.

基本上我需要做一个检查如下在php文件中：

Basically I need to do a check as follows in the php file:

if ( $REQUEST_URL == $URL_OF_CURRENT_PAGE ) die ("Direct access not premitted");

有一种简单的方法吗？

推荐答案

在您可能或可能无法完全控制的Apache服务器上运行的通用PHP应用程序最简单的方法是将您的包含放在目录中并拒绝访问该目录.htaccess文件中的目录。为了省去Googling的麻烦，如果你正在使用Apache，请把它放在你不想访问的目录中名为.htaccess的文件中：

The easiest way for the generic "PHP app running on an Apache server that you may or may not fully control" situation is to put your includes in a directory and deny access to that directory in your .htaccess file. To save people the trouble of Googling, if you're using Apache, put this in a file called ".htaccess" in the directory you don't want to be accessible:

Deny from all

如果你真的完全控制了服务器（这些天甚至比我第一次写这个答案时更少见的应用程序更常见），最好的方法是将您想要保护的文件粘贴到Web服务器所服务的目录之外。因此，如果您的应用位于 / srv / YourApp / ，请将服务器设置为从 / srv / YourApp / app / 并将包含在 / srv / YourApp / includes 中，因此确实没有任何可以访问它们的URL。

If you actually have full control of the server (more common these days even for little apps than when I first wrote this answer), the best approach is to stick the files you want to protect outside of the directory that your web server is serving from. So if your app is in /srv/YourApp/, set the server to serve files from /srv/YourApp/app/ and put the includes in /srv/YourApp/includes, so there literally isn't any URL that can access them.

这篇关于阻止直接访问php包含文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！