2
I’m studying htacess, and found this article (that helped in a lot of things), where it says the following:
Let’s say you wish prevent third parties from accessing certain files and folders on your site. You have any script installed, for example, and want to prevent visitors from accessing your "includes" folder.
On the other hand, you need to ensure that any page of the site in question can "call" smoothly the files contained in this folder. Simply add a . htaccess with the following content in that folder, in this case "includes":
# Acesso restrito!
deny from all
The question of accessing the directory listing Options -Indexes already solved, but I put deny from all, no file of this folder can be accessed by submit, even if the request comes from a page of the site itself.
Forbidden
You don’t have permission to access /pastaProtegida/arquivodaPastaProtegida.php on this server.
In case this page is called by a submit of a form.
What I do not understand is that in the folder of "pure scripts", which are not called by form Ubmit this works, IE, they are used and can not access by typing the path in the browser.
For example: if the page above calls a script like this:
<?php
include "pastaProtegida/scriptQueVaiSerUsado.php";
?>
That’s how it works, but when one page calls the other by submit it doesn’t work... why? How can I make sure that the pages in a directory can only be accessed by requests from other pages on the same site, but not if the person type the url in the browser (or even click on a link that is outside the site)? You can do this only with htaccess (without using routes or p.ex authentication system.)?
It is probably not working because in Submit you are making an http request, already in include, as it is php, it is still on the server. I imagine that’s it. As for your other question, I’ve had this problem, I faithfully wait to know answer, hehe
– Miguel Neto
Yes, that must be right, and I realized that css and js also do not open, I think for the same reason... @Miguelneto
– gustavox