How to create simple prevent direct access to a php include file with .htaccess page?

Question

I am a newbie to PHP, I would like to create a prevent direct access to a php include file with .htaccess page

DemoSite/    <-folder
        index.php
        global_variable.php
        .htaccess

I want to prevent direct access global_variable.php file

like if ( $_SERVER['REQUEST_METHOD']=='GET' && realpath(__FILE__) == realpath( ...)

Anyidea how to use .htaccess to achieve it???

Thank you very much

No need to use `.htaccess`. Just place the file in a folder outside the web root and load it from there. — Tangentially Perpendicular, Mar 10 '21 at 01:19
check this link https://stackoverflow.com/questions/409496/prevent-direct-access-to-a-php-include-file#:~:text=The%20best%20way%20to%20prevent,them%20through%20an%20http%20request. — Basharmal, Mar 10 '21 at 01:27
or check this link https://www.php.net/manual/en/function.get-included-files.php — Basharmal, Mar 10 '21 at 01:35

score 1 · Accepted Answer · 2021-03-10T01:35:52.040

1

Just add a string Deny from all in .htaccess file to your include directory

Or

If you want to prevent a file Then use

<Files "global_variable.php">  
  Order Allow,Deny
  Deny from all
</Files>

edited Mar 10 '21 at 01:35

answered Mar 10 '21 at 01:26

score 0 · Answer 2 · answered Mar 10 '21 at 01:32

The simple practice is adding file to a folder (so the rules just apply to the desired file in folder) and surrounding the folder with this htaccess :

Deny from all
allow from 127.0.0.1
allow from YOUR_SERVER_IP

But a better way with php would be to define a value in your index file or any file that is gonna get accessed by user and include or require your desired file, then in it you can check if a value is defined or not, Example :

index.php

define('ACCESS', true);

global_variable.php

defined('ACCESS') or die("No direct access is allowed");

How to create simple prevent direct access to a php include file with .htaccess page?

2 Answers2