
how to protect some .php files

how to protect some .php files from all clients and not from my script

         

selenagomez

5:56 pm on May 27, 2010 (gmt 0)

10+ Year Member



I want to deny access to all .php files inside the following folder


/engine/engine.php
/engine/*.php
/engine/inc/*.php
/engine/ajax/*.php

I tried using the following code, but when I used it my site's AJAX stopped working.
The .htaccess code was:

<Files ~ "^.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
ErrorDocument 404 /engine/inc/include/init.php
order deny,allow



And the second code which I tried was:

<Files "*.php">
Deny from all
</Files>


But if I use the above code, my site's AJAX also stops working :(


I want .htaccess code through which I can deny access to the above-mentioned files to all clients but not to my site's PHP script.

selenagomez

5:58 pm on May 27, 2010 (gmt 0)

10+ Year Member



My website is <snip>
Please, I need to protect the /engine/engine.php file.

[edited by: jdMorgan at 8:44 pm (utc) on May 27, 2010]
[edit reason] please use example.com only [/edit]

jdMorgan

8:51 pm on May 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This would imply that you have mixed files requested by AJAX on the client side with files requested by php on the server side.

If the filenames for each application have some unique naming convention that can be used to decide if they are used by AJAX or PHP, then see the <FilesMatch> directive, which can be used to enclose your mod_access directives -- and invoke different ones for each group.

If the files are not distinguishable by name characteristics, then you'll need to split them into two separate directories, and then you can deny Web access in the directory storing files included on the server-side by PHP.

Jim

selenagomez

5:04 am on May 28, 2010 (gmt 0)

10+ Year Member



Yes, I know the files which are used by AJAX and PHP. Although they are mixed and placed in the same folder, I know which are used by PHP and which are used by AJAX. I can distinguish between them. But again the problem comes:

How to protect the files?

g1smd

10:54 am on May 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Without knowing exactly "how" they are distinguished, it is impossible to answer that question.

If they were distinguished by "being in separate folders" the answer would be very easy.

jdMorgan

2:24 pm on May 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You (as a person) may know which files need to be protected, but we need to find a way to tell the server which files need to be protected -- and which don't.

Unless the files to be protected share some identifiable naming characteristics different from those which do not need to be protected, the only option is to list them:

<FilesMatch "^(protected-file1|protect-this-file2|my-protected-file3)\.php$">
Deny from all
</FilesMatch>

From your code above, I assumed here that they are all php files.

See Apache mod_access and the <FilesMatch> documentation in Apache core for more details.

Jim
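
Added example, not code from the thread or its participants: a pre-deployment check in Python that approximates how Apache matches a `<Files>` wildcard and a `<FilesMatch>` regex against a file's basename, and reports which include-only files stay reachable and which AJAX endpoints a `Deny from all` would block. The directory layout and the AJAX file names are constructed; the listed names are the placeholders from the post above.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# Constructed sample layout; the thread never names the real files.
INCLUDE_ONLY = [
    "/engine/protected-file1.php",
    "/engine/inc/protect-this-file2.php",
    "/engine/inc/my-protected-file3.php",
]
AJAX_ENDPOINTS = ["/engine/ajax/search.php", "/engine/ajax/vote.php"]

WILDCARD = "*.php"  # the second attempt: <Files "*.php">
LISTED = r"^(protected-file1|protect-this-file2|my-protected-file3)\.php$"


def files_denied(pattern, path):
    """Approximate <Files "pattern">: shell-style wildcard on the basename."""
    return fnmatch.fnmatchcase(PurePosixPath(path).name, pattern)


def filesmatch_denied(regex, path):
    """Approximate <FilesMatch "regex">: regex searched in the basename."""
    return re.search(regex, PurePosixPath(path).name) is not None


def audit(rule, arg, include_only, ajax):
    """Return (exposed, broken) for a 'Deny from all' inside the given section.

    exposed: include-only files a browser could still request directly.
    broken:  AJAX endpoints the rule would block.
    """
    exposed = [p for p in include_only if not rule(arg, p)]
    broken = [p for p in ajax if rule(arg, p)]
    return exposed, broken


if __name__ == "__main__":
    print(audit(files_denied, WILDCARD, INCLUDE_ONLY, AJAX_ENDPOINTS))
    print(audit(filesmatch_denied, LISTED, INCLUDE_ONLY, AJAX_ENDPOINTS))
    # Matching is per basename, so an AJAX file reusing a listed name is
    # blocked too when the .htaccess sits in /engine and covers subfolders.
    clash = AJAX_ENDPOINTS + ["/engine/ajax/protected-file1.php"]
    print(audit(filesmatch_denied, LISTED, INCLUDE_ONLY, clash))
```

PHP's include and require read local files from the filesystem, so a rule that denies HTTP access to a file does not stop the site's own scripts from loading it.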