whoshotdk
07-12-2010, 11:23 PM
Hi,
Im currently using mod_rewrite to direct all requests to my main index.php file. This file then pulls stuff from a DB and displays content based on the URI the user entered.
This allows me to have URIs like:
mywebsite.com/mypage
mywebsite.com/anotherpage
The main index.php file includes a number of .php files to help make up each page (like 'header.php' and 'footer.php').
All these included .php files are in a subdirectory 'pages'.
This all works great so far; but I've discovered an issue; someone can go to one of the include files (i.e 'mywebsite.com/pages/header.php').
I'd like to stop people getting access to any files within the 'pages' directory or indeed any request that contains '.php'.
After a load of Googling I've tried various bits of code to attain this, for example:
<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>
However, this then prevents my actual script from including the .php files aswell.
So what Id like to do is allow my main index.php script to include whatever it wants, but stop users from accessing the 'raw' .php files as it were.
The .htaccess file so far:
Options +FollowSymLinks
RewriteEngine on
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
FileETag none
RewriteCond %{http_host} ^mywebsite.com [NC]
RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R=301,L]
RewriteRule ^index.htm$ http://www.mywebsite.com/ [R=301,L]
RewriteRule ^([^\.]+)/?$ index.php [L]
Any suggestions are much appreciated!
Thanks
Dave
Im currently using mod_rewrite to direct all requests to my main index.php file. This file then pulls stuff from a DB and displays content based on the URI the user entered.
This allows me to have URIs like:
mywebsite.com/mypage
mywebsite.com/anotherpage
The main index.php file includes a number of .php files to help make up each page (like 'header.php' and 'footer.php').
All these included .php files are in a subdirectory 'pages'.
This all works great so far; but I've discovered an issue; someone can go to one of the include files (i.e 'mywebsite.com/pages/header.php').
I'd like to stop people getting access to any files within the 'pages' directory or indeed any request that contains '.php'.
After a load of Googling I've tried various bits of code to attain this, for example:
<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>
However, this then prevents my actual script from including the .php files aswell.
So what Id like to do is allow my main index.php script to include whatever it wants, but stop users from accessing the 'raw' .php files as it were.
The .htaccess file so far:
Options +FollowSymLinks
RewriteEngine on
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript
FileETag none
RewriteCond %{http_host} ^mywebsite.com [NC]
RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R=301,L]
RewriteRule ^index.htm$ http://www.mywebsite.com/ [R=301,L]
RewriteRule ^([^\.]+)/?$ index.php [L]
Any suggestions are much appreciated!
Thanks
Dave