Question

I have a website which fetches data from some PHP files to display it on the website. However, to protect my data from being used by other people, I wish to protect my PHP files from being called by crawlers, bots, etc. to gather data.

I have prevented it by checking the referral URL, but that can be easily bypassed. So, is there any other way to protect my data? I wish that only my website can call those files.

Thanks!!

Solution 4

As suggested by DaveRandom, I finally used a cookie-based authentication technique to prevent the PHP files from being called by other websites.

The server first sets an access code for each valid client. This access code is checked at the beginning of my PHP file.

The cookie is set with a max time limit of 5 hrs and is destroyed on window close. This is working pretty fine for me.

Please mention if there are any glitches in this part!!
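
One way to implement the access code described in this answer, as an added example that is not the poster's code: an HMAC-signed value carrying its own expiry, so the 5-hour limit is enforced on the server while the cookie itself is a session cookie. The cookie name, function names, demo secret and HTTPS-only delivery are assumptions.

```php
<?php
// Added example; COOKIE_NAME, function names and secret handling are assumptions.
const ACCESS_TTL  = 5 * 3600;       // 5-hour limit from the answer
const COOKIE_NAME = 'access_code';  // hypothetical cookie name

// Build "expiry.nonce.mac"; the HMAC ties expiry and nonce to the server secret.
function issue_access_code(string $secret, int $now): string {
    $payload = ($now + ACCESS_TTL) . '.' . bin2hex(random_bytes(16));
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

// True only for a well-formed, unexpired code whose HMAC verifies.
function check_access_code(?string $code, string $secret, int $now): bool {
    $parts = explode('.', $code ?? '');
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expiry, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$expiry.$nonce", $secret);
    // hash_equals() compares in constant time, unlike == on strings.
    return hash_equals($expected, $mac) && (int) $expiry >= $now;
}

// Call from the page your own site serves, before any output.
function send_access_cookie(string $secret): void {
    setcookie(COOKIE_NAME, issue_access_code($secret, time()), [
        'expires' => 0,  // session cookie: discarded when the browser closes
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
}

// Call at the top of every data file, before any output.
function require_access_code(string $secret): void {
    $code = $_COOKIE[COOKIE_NAME] ?? null;  // may be an array if the client sends name[]
    if (!check_access_code(is_string($code) ? $code : null, $secret, time())) {
        http_response_code(403);
        exit;
    }
}

// Offline check with constructed values: php this_file.php
if (PHP_SAPI === 'cli') {
    $secret = 'constructed-demo-secret';
    $now = 1700000000;
    $code = issue_access_code($secret, $now);
    var_dump(check_access_code($code, $secret, $now));                   // fresh code
    var_dump(check_access_code($code, $secret, $now + ACCESS_TTL + 1));  // past the 5-hour limit
    var_dump(check_access_code($code . '0', $secret, $now));             // altered MAC
    var_dump(check_access_code(null, $secret, $now));                    // no cookie
}
```

Any client that loads the page receives the cookie as well, so this blocks direct and cross-site calls to the data files rather than a crawler that fetches the page first.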

OTHER TIPS

Add Basic HTTP authentication at the top of your PHP file:

// Reject the request unless both Basic-auth credentials are present and match.
if ( !isset($_SERVER['PHP_AUTH_USER']) ||
     !isset($_SERVER['PHP_AUTH_PW']) ||
     !($_SERVER['PHP_AUTH_USER'] == 'user' && $_SERVER['PHP_AUTH_PW'] == 'pw')) {
    header('WWW-Authenticate: Basic realm="Mirkwood"');
    header('HTTP/1.0 401 Unauthorized');
    die();
}

If you have an Apache web server, create an .htaccess file (dot htaccess with no suffix) in the root directory of your site.

Try this syntax to prevent access to specific file types:

<FilesMatch "\.(htaccess|htpasswd|ini|php)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

Another way: in all non-index PHP files you could include something like this:

In index.php, add an access value like this:

$access = 'my_value';

In every other file, include this check before even a single byte is echoed out by PHP:

if(empty($access)) {
    header("location:index.php"); 
    die();
}

I have a website which fetches data from some PHP files to display it on the website.

Move the files that contain the data outside of the document root, assuming that the PHP files are just being accessed by another inside the docroot.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow