Prevent direct access to webserver files

Prevent direct access to webserver files

How can I prevent direct access to my /css and /scripts folders, and there contents? Also, is there a way I can prevent direct access to index.php? (The right way is to just go to my website, which automatically loads the home page through index.php, or go to the specific page with website.com/thepage, which goes to index.php?page=thepage. None of my links directly go to index.php.)

Asked by: Guest | Views: 217

Total answers/comments: 1

Comments display order:

Guest [Entry]

"I'm not a web development guy, but from what I understand the following are true:

Loading your index.php in a browser spits out the page code that the browser receives and renders. So the browser requests:

http://website.com/index.php

The page code it gets includes certain CSS and Javascript files from your css/ and script/ directories. So the browser requests:

http://website.com/css/mystyle.css
http://website.com/script/myscript.js

In order to include these files, the browser must request those URLs from your webserver, and your webserver must serve them from those URLs.

If so, then no, you can't do what you're asking without changing how your CSS and script files are included.

You could change the PHP, so that it's output doesn't include links to external files, but rather includes the content of those files as inline sections of the PHP output. Then you can use the webserver's standard access controls to disallow access to the css/ and script/ directories."