Preventing DIRECT access to files

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Preventing DIRECT access to files

Post by kkonline »

I am using mod rewrite rules for redirecting. An example of the rule is as below

Code: Select all

RewriteRule ^/?(1)/([0-9]+)/([0-9]+)/([a-zA-Z])$ dir/index.php?sid=$1&catid=$2&page=$3&alphabet=$4
Now someone who knows that there exists a folder dir can write
example.com/dir/index.php access the file although it requires sid, catid, page and alphabet as a must. I want to prohibit this.

writing example.com/dir/index.php should give a notice "wrong url come thru proper redirection" but example.com/1/1/1/ should redirect to correct path without any errors. How to do this??
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Using "RewriteCond" and "-f" (file exists) or "-d" (directory exists) should help you out. You may want to restrict it to certain file types because it also counts for images and such.
kkonline
Forum Contributor
Posts: 251
Joined: Thu Aug 16, 2007 12:54 am

Post by kkonline »

superdezign wrote:Using "RewriteCond" and "-f" (file exists) or "-d" (directory exists) should help you out. You may want to restrict it to certain file types because it also counts for images and such.
Can you quote a small example in what way it will be helpful. What will happen if someone write mysite.com/dir/index.php ???
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Re: Preventing DIRECT access to files

Post by stereofrog »

kkonline wrote: Now someone who knows that there exists a folder dir can write
example.com/dir/index.php access the file although it requires sid, catid, page and alphabet as a must. I want to prohibit this.
In index.php, compare REQUEST_URI and SCRIPT_NAME and raise an error in they match.
This doesn't free you from checking input parameters.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Mod_rewrite questions have nothing to do with PHP Code per se. Therefore this is moved to Installation.
Post Reply