How to prevent the user from accessing server-side PHP scripts by url?

V

Vlad_isLove2019-07-16 15:42:08

PHP

Vlad_isLove, 2019-07-16 15:42:08

There is a site in the root directory that has PHP site pages and server PHP scripts that are responsible for authorization and so on, also an ajax folder in which PHP scripts for issuing content to users and receiving user input via AJAX, as well as other folders with IMG and JavaScript. How to make the user only be able to view the PHP pages of the site. And could not climb the entire server, for example, by entering site/ajax/ or site/ajax/script.php or site/script.php (which is not a page but is needed to execute a php script)?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

ThunderCat, 2019-07-16
@Vlad_isLove

also other folders with IMG and JavaScript.

if the user cannot open them, it is logical that the browser will not be able to reach them, and your site will be without pictures and scripts. The same, however, applies to Ajax requests, they are sent by the browser, another thing is that inside them you can track what type of request, and if, say, not Ajax, we do exit (well, as the easiest option).

F

FanatPHP, 2019-07-16
@FanatPHP

The ajax folder cannot be closed in any way. The moment when you realize this can be considered the moment when you began to slowly become an apprentice web programmer.
The rest can be placed in a folder above the web server root. But in general, this is a pointless undertaking, so relax and do something better.