I have a php file say "check.php" in my website and it is executed when a form is submitted.
我有一个php文件,名为“check”。php"在我的网站和它执行时,提交的表格。
say my website is "myweb.com" and the php file is in a directory "PHP"
假设我的网站是myweb.com php文件在php目录
I want to prevent direct url access to the "check.php" file i.e. if anyone types the url "myweb.com/PHP/check.php" ,then the php file should not be executed and it should return a error message instead.
我想阻止对“check”的直接url访问。查查php“文件,即,如果有人键入url url myweb.com/php/check.php”,则不应该执行php文件,而应该返回一个错误消息。
I tried to prevent the access by setting a rule in .htaccess ,but it blocks the php even when I try to submit the form.
我试图通过在.htaccess中设置规则来阻止访问,但即使在我试图提交表单时,它也会阻塞php。
.htaccess rule :
. htaccess规则:
RewriteEngine on
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/
(.*)\.php$ /index.html [L]
Is there any possible way to do it ?
有可能的办法吗?
4 个解决方案
#1
13
You can do it with PHP
你可以用PHP来做。
<?php
/* at the top of 'check.php' */
if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
/*
Up to you which header to send, some prefer 404 even if
the files does exist for security
*/
header( 'HTTP/1.0 403 Forbidden', TRUE, 403 );
/* choose the appropriate page to redirect users */
die( header( 'location: /error.php' ) );
}
?>
#2
3
Try this in Root/.htaccess :
试试这个根/。htaccess:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^php/check.php$ - [NC,R=404,L]
This will return 404 not found if check.php is not accessed by form post method.
如果检查,将返回404未找到。php不能通过表单post方法访问。
#3
2
Put this code at the top of check.php:
将此代码放在check.php的顶部:
if(!isset($_SERVER['HTTP_REFERER'])){
// redirect them to your desired location
header('location:../index.php');
exit;
}
If the user access check.php by type the URL directly, it will redirect them to your desired location.
如果用户访问检查。php通过直接输入URL,将它们重定向到所需的位置。
#4
0
Try this one too. Past in the top of check.php
试试这个。在check.php的顶部
<?php debug_backtrace() || die ("<h2>Access Denied!</h2> This file is protected and not available to public."); ?>
An Access Denied will be presented when the file is access directly in the url
当文件直接访问url时,将显示拒绝访问
#1
13
You can do it with PHP
你可以用PHP来做。
<?php
/* at the top of 'check.php' */
if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
/*
Up to you which header to send, some prefer 404 even if
the files does exist for security
*/
header( 'HTTP/1.0 403 Forbidden', TRUE, 403 );
/* choose the appropriate page to redirect users */
die( header( 'location: /error.php' ) );
}
?>
#2
3
Try this in Root/.htaccess :
试试这个根/。htaccess:
RewriteEngine on
RewriteCond %{REQUEST_METHOD} !^POST$
RewriteRule ^php/check.php$ - [NC,R=404,L]
This will return 404 not found if check.php is not accessed by form post method.
如果检查,将返回404未找到。php不能通过表单post方法访问。
#3
2
Put this code at the top of check.php:
将此代码放在check.php的顶部:
if(!isset($_SERVER['HTTP_REFERER'])){
// redirect them to your desired location
header('location:../index.php');
exit;
}
If the user access check.php by type the URL directly, it will redirect them to your desired location.
如果用户访问检查。php通过直接输入URL,将它们重定向到所需的位置。
#4
0
Try this one too. Past in the top of check.php
试试这个。在check.php的顶部
<?php debug_backtrace() || die ("<h2>Access Denied!</h2> This file is protected and not available to public."); ?>
An Access Denied will be presented when the file is access directly in the url
当文件直接访问url时,将显示拒绝访问