Trying to comprehend the moments of security.

Tell me, are there any recipes to prohibit the launch of php scripts directly by a request from the browser?

I read the variant about setting a constant, for example, in index.php and then checking it in all include files. Is it possible to somehow restrict access to those that do not include?

Or is it all a bad idea and done differently?

  • 2
    Yes, it is done differently. See my answer to the question where I explained how in modern PHP projects they are protected from arbitrary calling of PHP files: “ Is it possible for a user to see the source PHP code of the site? ”. I could just copy the answer, but I don’t think it’s right to do that. - neluzhin
  • I prohibit direct access via .htaccess - Yuri

0