Apache .htaccess Guide, Tutorials and Articles

Apache .htaccess Guide & Tutorial >>

Preventing access to your PHP includes files

If you have a directory containing PHP includes, that you do not wish to be accessed directly from the browser, there is a way of disabling the directory using Mod_Rewrite.
To enable this, create a .htaccess file following the main instructions and guidance, and include the following text:

## Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On
RewriteBase /
## Test for access to includes directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/ .*$ [NC]
## Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
## Forbid Access
RewriteRule .* - [F,NS,L]

Where /includes/ is your includes directory.

Next Article: Prevent access to php.ini
Previous Article: Changing server signature

Post Comment

Your Name:
Your Comment: