Comments on: Advanced .htaccess Security – Block Access to Include Files Using .htaccess http://davidwalsh.name/htaccess-security-include-files Legendary scribbles about JavaScript, HTML5, AJAX, PHP, CSS, and ∞. Thu, 09 Feb 2012 15:40:33 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Shailesh Tripathihttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-28134 Shailesh Tripathi Wed, 28 Dec 2011 00:31:18 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-28134 Great tips on use htaccess very efficiently. Thanks Great tips on use htaccess very efficiently. Thanks

]]> By: Nicklas Smedhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-26843 Nicklas Smed Wed, 07 Sep 2011 13:31:31 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-26843 Maybe, this post could use an update.@Specs: I don't know the solution, but to deny access from all but the server, wouldn't solve your problem. As javascript files, are used by the user client, and not the server. Maybe, this post could use an update.

@Specs: I don’t know the solution, but to deny access from all but the server, wouldn’t solve your problem. As javascript files, are used by the user client, and not the server.

]]> By: Anu Nairhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-18513 Anu Nair Thu, 01 Jul 2010 11:51:42 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-18513 Wow!! That is really a cool trick... to block include files....Thanks.. :) Wow!! That is really a cool trick… to block include files….

Thanks.. :)

]]> By: Specshttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-9247 Specs Fri, 15 May 2009 13:45:22 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-9247 I used this, but now my AJAX calls to .inc files (sends GET variables and then receives output from .inc file) aren't working anymore...<blockquote> new Request.HTML({url: 'http://www.blah.com/includes/consultant_ajax.inc?id='+id+'',... </blockquote>Isn't there a way to define a "Don't deny from server call" or something (if this makes sense)?I'm assuming the "deny from all" makes it fail even when a I make an AJAX call to the .inc file.Any thoughts? I used this, but now my AJAX calls to .inc files (sends GET variables and then receives output from .inc file) aren’t working anymore…

new Request.HTML({url: ‘http://www.blah.com/includes/consultant_ajax.inc?id='+id+'',...

Isn’t there a way to define a “Don’t deny from server call” or something (if this makes sense)?

I’m assuming the “deny from all” makes it fail even when a I make an AJAX call to the .inc file.

Any thoughts?

]]> By: Specshttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-9246 Specs Fri, 15 May 2009 13:44:14 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-9246 I used this, but now my AJAX calls to .inc files (sends GET variables and then receives output from .inc file) aren't working anymore...<blockquote> new Request.HTML({ url: 'http://www.blah.com/includes/consultant_ajax.inc?id='+id+'', </blockquote>Isn't there a way to define a "Don't deny from server call" or something (if this makes sense)?I'm assuming the "deny from all" makes it fail even when a I make an AJAX call to the .inc file.Any thoughts? I used this, but now my AJAX calls to .inc files (sends GET variables and then receives output from .inc file) aren’t working anymore…

new Request.HTML({
url: ‘http://www.blah.com/includes/consultant_ajax.inc?id='+id+'',

Isn’t there a way to define a “Don’t deny from server call” or something (if this makes sense)?

I’m assuming the “deny from all” makes it fail even when a I make an AJAX call to the .inc file.

Any thoughts?

]]> By: Adam Schwartzhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-7585 Adam Schwartz Mon, 02 Feb 2009 09:08:18 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-7585 This is very cool. A similar trick I use a lot, and I believe Wordpress uses as well, is to check to see if a php file is being accessed directly.<?php //this document is called file.php if ('file.php' == basename($_SERVER['SCRIPT_FILENAME'])) die ('Do not access this page directly.'); ?>(Please convert my _ to _ ) This is very cool. A similar trick I use a lot, and I believe WordPress uses as well, is to check to see if a php file is being accessed directly.

<?php
//this document is called file.php
if (‘file.php’ == basename($_SERVER['SCRIPT_FILENAME']))
die (‘Do not access this page directly.’);
?>

(Please convert my _ to _ )

]]> By: davidhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-150 david Tue, 25 Mar 2008 23:19:26 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-150 @pfwd: I believe if you're clever with regular expressions you should be able to. @pfwd: I believe if you’re clever with regular expressions you should be able to.

]]> By: pfwd.techhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-152 pfwd.tech Tue, 25 Mar 2008 23:08:53 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-152 nice work. Are you able to add multiple filenames/file paths to the tag? nice work.
Are you able to add multiple filenames/file paths to the tag?

]]> By: davidhttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-151 david Tue, 25 Mar 2008 22:26:24 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-151 @Charles: It shouldn't matter where in your .htaccess file you place the above snippet. @Charles: It shouldn’t matter where in your .htaccess file you place the above snippet.

]]> By: charleshttp://davidwalsh.name/htaccess-security-include-files/comment-page-1#comment-149 charles Tue, 25 Mar 2008 15:04:06 +0000 http://davidwalsh.name/advanced-htaccess-security-block-access-to-include-files-using-htaccess/#comment-149 where in the .htaccess file do you place that code (the second block of code in your entry)? where in the .htaccess file do you place that code (the second block of code in your entry)?

]]>