cancel
Showing results for 
Search instead for 
Did you mean: 

PHP Includes

Boxersoft
Grafter
Posts: 104
Thanks: 1
Registered: ‎25-07-2009

PHP Includes

If I understand correctly, the general advice on files containing PHP fragments for inclusion in PHP scripts is to place them somewhere outside of the scope of the web-served directory tree. It looks to me as if the organisation of user areas on the PlusNet ccgi setup precludes that, because everywhere under user control is within the served scope. Is best practice on this platform simply to place them in a folder with browsing turned off and permissions set to prevent execution (600: -rw-------)? I'm not particularly familiar with Linux permissions so I'm not too clear about what allows/denies Apache permission to serve a file (other than, presumably, *.php and other script files would presumably be executed server-side and never have their contents delivered to a browser).
5 REPLIES 5
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: PHP Includes

You could put them all in a directory (for example 'includes') and use mod_rewrite to deny access. In your cgi home directory (the one you're in when you FTP in) place a file called .htaccess containing:

RewriteEngine On
RewriteRule ^/includes/? -

This will give a 403 Forbidden error for anything in /includes (e.g. http://ccgi.username.plus.com/includes/foo.php). As the PHP include is internal to PHP it will still be able to include them.
Boxersoft
Grafter
Posts: 104
Thanks: 1
Registered: ‎25-07-2009

Re: PHP Includes

Excellent - thanks Ben.
Gabe
Community Veteran
Posts: 767
Registered: ‎29-10-2008

Re: PHP Includes

Must be Friday.
No leading slash in .htaccess rewrites, so just:
RewriteEngine On
RewriteRule ^includes/? -
in the home directory, or
deny from all
in the includes directory (or call them foo.inc.php anywhere and use a FilesMatch)
Gabe
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: PHP Includes

Gah, I'm more used to writing rewrites in the server config, where you do use a leading slash. Well that's my excuse anyway Wink
Boxersoft
Grafter
Posts: 104
Thanks: 1
Registered: ‎25-07-2009

Re: PHP Includes

Smiley Thanks both.