I am setting up a new website and currently if I go to mydomian/php/someScript.php it will execute the php script. How can I let the files that include this still include this but not let anyone else execute these scripts from the browser. Currently I have this in my .htaccess file:

deny from all

but when I visit the site a AJAX post request is made to a script in this folder and is getting back a 403 error.

Any ideas on how to achieve this are welcome.


for clarity, some files in the php directory are requested by AJAX and I've now been made aware that these files cant have the desired permissions. However I would still like to put these permissions on the other files in this directory


Accepted Answer

The best solution is to put them outside of the web root directory if at all possible, that way you can include them but the web server can't serve them, no configuration is required at all in this case.

EDIT: I noticed you want to allow access to the scripts by AJAX. There is no way of doing this as there's no way of telling the difference between an AJAX request or other types of HTTP request with any reliability.

Written by GordonM
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki