Welcome to WebmasterWorld Guest from 184.72.177.182

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

htaccess to block php include folders

     
3:12 am on May 6, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 21, 2010
posts: 60
votes: 0


i tried to set an htaccess file to keep people from being able to see my php include folder by using:

order deny,allow
deny from all

but when i do that it does not let my php forms run...this is prolly really simple i have just never tried this before...how dumb am i being

i still want my forms to work i just dont want people to be able to get into my folder...
3:42 am on May 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5408
votes: 2


I've no clue of PHP.

"Options -Indexes" [google.com]
7:52 am on May 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


You should not be directly POSTing a form to the "includes" folder. The "includes" folder should contain only files which are INCLUDEd by PHP from some other part of the site.
11:19 am on May 6, 2011 (gmt 0)

Junior Member

5+ Year Member

joined:Aug 21, 2010
posts: 60
votes: 0


that is what i am doing. what i have now is lets say form1.php in my main folder. then in my include folder, i have things like configfure and process files. i just want to make sure that no one can ever get into that include folder
8:14 pm on May 6, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


Make sure the INCLUDE references only a server path and file not a domain name. This keeps the request internal to the server.