Accountant م Accountant م - 1 year ago 77
Apache Configuration Question

How to protect my php files on the server from being requested

I'm very new to php and web , now I'm learning about oop in php and how to divide my program into classes each in .php file. before now all I know about php program, that I may have these files into my root folder

  1. home.php

  2. about.php

  3. products.php

  4. contact.php

So, whenever the client requests any of that in the browser

No problem, the files will output the proper page to the client.

Now, I have a problem. I also have files like these in the root folder

  1. class1.php

  2. class2.php

  3. resources/myFunctions.php

  4. resources/otherFunctions.php

how to prevent the user from requesting these files by typing something like this in the browser ?

The ways that I have been thinking of is by adding this line on top of every file of them

Or, I know there is something called .htaccess that is an Apache configuration file that effect the way that the Apache works.

What do real life applications do to solve this problem ?

Answer Source

You would indeed use whatever server side configuration options are available to you.

Depending on how your hosting is set up you could either modify the include path for PHP ( or restricting the various documents/directories to specific hosts/subnets/no access in the Apache site configuration (

If you are on shared hosting, this level of lock down isn't usually possible, so you are stuck with using the Apache rewrite rules using a combination of a easy to handle file naming convention (ie, and, the .htaccess file and using the FilesMatch directive to block access to *.inc.php -

FWIW all else being equal the Apache foundation says it is better/more efficient to do it in server side config vs. using .htaccess IF that option is available to you.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download