Is there any way to prevent a .php file from being requested?

I have certain files like header.php and footer.php. I would like to disable these files from being directly requested from the browser addr开发者_JS百科ess bar.

If I have include 'file.php' in the code, then it should be included, but if it's directly requested, I don't want it to be shown since it serves no purpose. Is it possible?

Thanks in advance :)

You can do any of these things, in order of desirability (from "good" to "it kind of works"):

• Create them outside your web root. Example, assuming that /somepath/example.com/htdocs/ maps to http://example.com/:

/somepath/example.com/htdocs/index.php
/somepath/example.com/includes/header.php
/somepath/example.com/includes/footer.php

index.php:

<?php require_once('../includes/header.php') ?>

• Prevent access via .htaccess

<Files (header|footer).php>
Deny from all
</Files>

• (a hack if everything else fails) set a constant in the main file, die silently if not found.

index.php:

<?php define('INCLUDED_FROM_MAIN_FILE_EXAMPLE_COM',true) ?>

header.php:

<?php if (!defined('INCLUDED_FROM_MAIN_FILE_EXAMPLE_COM')) { die(); }

A common way of preventing that is creating a definition in index.php (or whatever you call it) and checking for that define.

That way you get something like this in your index.php

define('USING_INCLUDE', 1);

And this in your footer.php:

if(!defined('USING_INCLUDE')){
    header('HTTP/1.1 403 Forbidden');
    die();
}

Why about renaming them as header.php.inc? And then setting

<Files *.inc>
    Order allow,deny
    Deny from all
</Files *.inc>

I think that's pretty standard.