Restrict direct access to file

Posted on 2006-04-25
Last Modified: 2010-08-05

I have a remote PHP file that echo's out some javascript on another domain.  The PHP file accepts GET values.  How could I go about preventing users from directly accessing the PHP file from the address bar, but the remote file that is linked still works?

So I want to stop users going to..

But if the PHP file is called like so...

<script type="text/javascript" src=""></script>

It will continue to work fine.

I'm thinking maybe .htacess?  

Question by:pD_EO
    LVL 3

    Accepted Solution

    Hey there,

    I recommend putting something like this at the top of your script:

    if(empty($_SERVER['HTTP_REFERER'])) exit;

    Note that it isn't the most secure or robust thing you could do, but it's by far the easiest.
    LVL 6

    Author Comment


    Yeah, already thought about doing it that way.  Some people turn of referrers though.

    Any other ideas? :)

    LVL 1

    Expert Comment


    You can check whether any parameters were passed with the request by doing the following:

          print('not allowed');

    You could also check that the user parameter was passed by doing this:

          print('not allowed');

    Its not exactly hacker proof but to stop the everyday user from requesting the page directly it should be enough.

    LVL 3

    Expert Comment

    You could also just encrypt your javascript if you're looking to protect it from others:


    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
    This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now