htaccess to block php include folders

Forum Moderators: phranque

Message Too Old, No Replies

htaccess to block php include folders

Ben502

3:12 am on May 6, 2011 (gmt 0)

i tried to set an htaccess file to keep people from being able to see my php include folder by using:

order deny,allow
deny from all

but when i do that it does not let my php forms run...this is prolly really simple i have just never tried this before...how dumb am i being

i still want my forms to work i just dont want people to be able to get into my folder...

wilderness

3:42 am on May 6, 2011 (gmt 0)

I've no clue of PHP.

"Options -Indexes" [google.com]

g1smd

7:52 am on May 6, 2011 (gmt 0)

You should not be directly POSTing a form to the "includes" folder. The "includes" folder should contain only files which are INCLUDEd by PHP from some other part of the site.

Ben502

11:19 am on May 6, 2011 (gmt 0)

that is what i am doing. what i have now is lets say form1.php in my main folder. then in my include folder, i have things like configfure and process files. i just want to make sure that no one can ever get into that include folder

g1smd

8:14 pm on May 6, 2011 (gmt 0)

Make sure the INCLUDE references only a server path and file not a domain name. This keeps the request internal to the server.