My index.php
includes header.php
and footer.php
by this way:
define("LEGAL_PATH", TRUE);
include("header.php");
// ...
include("footer.php");
And each of my included files begins with:
if (!defined("LEGAL_PATH"))
{
header("location: index.php");
exit(0);
}
For the moment, when we load the header.php
(or footer.php
), we are redirected on the index.php
page. When we try to curl the header.php
, it returns a blank page (thanks to the exit(0)
).
Question:
Regarding bad people, I would like to generate a 404 error (as when we try to access to efjiozfjoijefiojzeof.php
for instance) even if we load the page with curl: in this case (with a curl command), the header location is nonfonctionnal.
The curl output which I had (when there is no exit(0)
):
$> curl https://www.mywebsite.com/header.php
NOBODY SHOULD READ THIS DIRECTLY FROM HEADER.PHP FILE
The curl output which I currently have (when there is the exit(0)
):
$> curl https://www.mywebsite.com/header.php
$>
The curl output which I would like to have:
$> curl https://www.mywebsite.com/header.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /headzefjzefjp.php was not found on this server.</p>
</body></html>
$>
My idea was to include the 404 page file, but when I curl in verbose mode, I still have a 200 error code (and not a 404):
$> curl https://.../header.php -v
...
> GET /header.php HTTP/1.1
> Host: ...
> User-Agent: curl/7.51.0
> Accept: */*
>
< HTTP/1.1 200 OK
...
So, what is the good way to really ignore the header.php file (from browsers, curl, etc)?