Home > Tutorials > PHP Tutorials

_php Tutorial for a solution that prohibits PHP files from being accessed directly under Apache

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
At first, I wanted to block the URL of the PHP suffix from being accessed directly in the rewrite rule. But later found that rewrite rules are recursive calls, if the rewrite rules directly prohibit PHP, then the rewrite to the PHP file rules will be invalidated. Rewriteengineon
Copy CodeThe code is as follows:
REWRITERULE^TEST$/TEST.PHP[L]
REWRITERULE^TEST.PHP$$0[F,L]

Recursive call this is really scary, the first time you visit/test URL rewrite check once, and then match to ^test$ on-premises redirection to/test.php, but internal redirection will also trigger URL rewriting, so check again, match to ^test.php$, is forced directly [F] ( Forbidden) operation, so it becomes a 403 error. In this case, it is necessary to determine whether the server redirection has been done. There is a redirect_url in the server variable, so I try to use this as a judgment.
Copy the Code code as follows:
Rewriteengineon
REWRITERULE^TEST$/TEST.PHP[L]
rewritecond%{redirect_url}^$

REWRITERULE.*$0[F,L] So write access/test still be 403, a little check, found Rewritecond in%{redirect_url} is always empty, this egg hurts, so in the rewrite rules can not directly ban PHP. But it can be implemented in a less flashy way. is in the PHP file to Judge Redirect_url, although this method can be achieved, but feel very bad, but so far has not found any better way.
Copy the Code code as follows:
$_server[' Redirect_url ']ordie (' Forbidden ');
This is just a display of text, the actual use of the time also need to output the HTTP error code.
echo$_server[' Redirect_url '];//successful access to display information
?>

The PHP code to change the drop into the global reference is basically no problem, although not the perfect solution, but at least resolved, may find a better way.

http://www.bkjia.com/PHPjc/326799.html www.bkjia.com true http://www.bkjia.com/PHPjc/326799.html techarticle at first, I wanted to block the URL of the PHP suffix from being accessed directly in the rewrite rule. But later found that rewrite rules are recursive calls, if the rewrite rules directly prohibit PHP, then rewrite to ...

    • This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    Get Started for Free

    • Sales Support

      1 on 1 presale consultation

      Chat Contact Sales

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

      Open a Ticket

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

      Learn More