<p>You can't really prevent direct requests to the files, and still have them remain accessible to other requests. The best you can do is mask their location, and control <em>how</em> they are accessed.</p>
<p>One way you could go is to create a PHP "switch" script, which would include the scripts for you, rather than have Apache request them directly.</p>
<p>For example, if you had your <code>scripts/image.php</code> rule target <code>switch.php?file=image.php</code> instead, somewhat like:</p>
<pre><code>RewriteRule ([^\.]+\.(jpe?g|png|gif))$ switch.php?file=image.php&amp;rw=1&amp;meta=$1 [L,QSA]
</code></pre>
<p>You could add <code>deny from all</code> to the <code>scripts/.htaccess</code> file and do this in your <code>switch.php</code> file.</p>
<pre><code>&lt;?php
/** File: switch.php **/
// Scripts that may be included through the switch.
$allowed_files = array(
    'login.php',
    'image.php'
);
$script_dir = 'scripts/';

// The RewriteRule passes rw and file in the query string, so read them from $_GET.
$file = isset($_GET['file']) ? $_GET['file'] : '';
if (isset($_GET['rw']) &amp;&amp; in_array($file, $allowed_files, true)) {
    // Include the validated name itself; $allowed_files is a plain list, not a map.
    include $script_dir . $file;
} else {
    header('HTTP/1.1 404 File Not Found');
    include 'error404.html'; // Or something to that effect.
}
?&gt;
</code></pre>
<p>The <code>$_GET['rw']</code> there is a weak check, to see if the request came from a RewriteRule, meant to prevent direct requests to the file. Pretty easy to bypass if you know it is there, but effective against random requests by bots and such.</p>
<p>This way, direct requests to both <code>scripts/image.php</code> and <code>switch.php?file=image.php</code> would fail, but requests to any image file would trigger the <code>scripts/image.php</code> script.</p>
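<p>An added example, not part of the original answer: a variant of <code>switch.php</code> that picks the script from the URI the client actually requested (<code>$_SERVER['REQUEST_URI']</code>, which an internal rewrite leaves unchanged) instead of from the <code>rw</code> and <code>file</code> parameters. The <code>ROUTES</code> table, the <code>resolve_script()</code> helper and the <code>/login</code> path are assumptions made for illustration; the RewriteRule only needs to target <code>switch.php</code>.</p>

```php
<?php
// Added example, not the answer's code. ROUTES, resolve_script() and the
// /login path are assumptions made for illustration.
const SCRIPT_DIR = __DIR__ . '/scripts/';

// Original-path pattern => script under scripts/.
// Included file names come only from this table, never from the request.
const ROUTES = [
    '#\.(jpe?g|png|gif)$#i' => 'image.php', // mirrors the image RewriteRule
    '#^/login/?$#'          => 'login.php', // hypothetical public URL for login.php
];

/**
 * Return the script to include for the URI the client requested, or null
 * when nothing should be served (direct hits on switch.php end up here,
 * because their path matches no route).
 */
function resolve_script(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null; // malformed or empty URI
    }
    $path = rawurldecode($path); // match on the decoded path
    foreach (ROUTES as $pattern => $script) {
        if (preg_match($pattern, $path) === 1) {
            return SCRIPT_DIR . $script;
        }
    }
    return null;
}

// Constructed sample URIs: run "php switch.php" to print the decision for each.
if (PHP_SAPI === 'cli') {
    foreach (['/img/cat.jpg', '/switch.php?file=image.php&rw=1', '/scripts/image.php'] as $uri) {
        printf("%-36s => %s\n", $uri, resolve_script($uri) ?? '404');
    }
    exit;
}

$target = resolve_script($_SERVER['REQUEST_URI'] ?? '');
if ($target === null) {
    http_response_code(404);
    include 'error404.html';
    exit;
}
include $target;
```

<p>Because <code>[QSA]</code> appends the client's own query string, every query parameter reaching the switch is client-controlled; routing on the request path keeps the include decision out of those parameters.</p>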
 
