how to protect server directory using .htaccess

前端 未结 5 1661
-上瘾入骨i
-上瘾入骨i 2021-02-10 21:02

I have designed a website, and within it I have a range of PHP scripts which interact with my system. For example, if a user uploads an image, this is processed by the script

5条回答
  •  不知归路
    2021-02-10 21:42

    I want to ensure the PHP pages will accept post values, get values and can redirect to other pages, but not be directly accessed via the address bar or downloaded?

    As long as Apache is configured to associate all .php files with the PHP application, no one can download the PHP content itself. So, if someone browsed to "mysite.com/image.php", PHP will run. The user will NOT see your PHP content.

    This should already by done in your httpd.conf file as :

    • AddType application/x-httpd-php .php .phtml

    Now, image.php will be expecting certain post parameters. Short of implementing an MVC architecture as Atli suggested above, you could gracefully and securely deal with any missing parameters if they aren't provided. Then, users can get to the page directly but not do anything with it.

提交回复
热议问题