Prevent viewing certain .php files

I'm using PHP with Apache and pretty URLs with mod_rewrite.

I have an index.php where I include some other .php files that contain the content.

Now I'd like to prevent people from viewing those (content only) .php files, unless they are included via my index.php script of course.

This is the RewriteRule I'm using:

RewriteRule ^/?([a-zA-Z0-9/-]+)/?$ /index.php [NC,L]

It r开发者_开发知识库ewrites every request to the index.php where requests are handled and content is included accordingly.

Is there a way to do this with mod_rewrite, i.e. my .htaccess? To generally deny access to .php files or something like that?

Thanks!

Put a constant in you index file and then in each php file do something like:

defined('ALLOWED') or die('No direct script access.');

Keep your PHP files (except index.php) out of the web root. You can still include/require them from your code, but people won't be able to access them by URL.

How do you access these files currently if all requests are rewritten to index.php? You should not need to deny access.

Use

RewriteRule ^(.*)$ index.php [L]

and handle everything else in PHP.