htaccess question (allow internall scripts only)

satch

How do I set up an htaccess file so that people on the net cannot access a certain folder, but still allow scripts in other folders include files in the protected folder? So, only allow requests from internal scripts I guess.. please help!

weekender

you can put the following line at the top of the page...

if (!eregi("thisfile.php", $PHP_SELF)) { die ("Access Denied"); }

what this says is "if this file is opened directly in a browser, give the message access denied and stop."

if you have to use htaccess, a "deny from all" may help. maybe you can change this to only allow a certain ip, and put in the localhost ip (127.0.0.1), ie "allow from 127.0.0.1".

not sure

satch

I tried this with no luck.. 🙁 any other ideas?

weekender

that is surprising - i know the eregi method works, though i'm not sure about the htaccess. before you use the eregi method, try printing $php_self and see what is given...

bav

if (!eregi("thisfile.php", $PHP_SELF)) { die ("Access Denied"); }

How about if "thisfile.php" is included in another page, would it work? I tried it but it shows "Access Denied".

weekender

that's what it's supposed to do... if someone accesses the file directly, it will print "Access Denied", but you can still include the file in other scripts i think...