Hide *.inc.php from website visitors
Posted
by Ghostrider
on Stack Overflow
See other posts from Stack Overflow
or by Ghostrider
Published on 2010-05-21T00:48:34Z
Indexed on
2010/05/21
0:50 UTC
Read the original article
Hit count: 331
I have a script myscript.inc.php which handles all urls that look like /script-blah I accomplish this by using following .htaccess
RewriteEngine On
RewriteRule ^script-(.*)$ myscript.inc.php?s=$1 [QSA,L]
However users could also access it this way by typing /myscript.inc.php?s=blah I would like to prevent that. I tried
<Files ~ "\.inc\.php$">
Order deny,allow
Deny from all
</Files>
and
RewriteCond %{REQUEST_URI} \.inc\.php
RewriteRule .* - [F,L,NS]
They both prevent users from viewing /myscript.inc.php?s=blah but they also cause /script-blah to return 403...
Is there a way to do this correctly?
© Stack Overflow or respective owner