ds211107 2017-03-11 17:28
浏览 194
已采纳

阻止CURL访问特定页面

My index.php includes header.php and footer.php by this way:

define("LEGAL_PATH", TRUE);
include("header.php");
// ...
include("footer.php");

And each of my included files begins with:

if (!defined("LEGAL_PATH"))
{
    header("location: index.php");
    exit(0);
}

For the moment, when we load the header.php (or footer.php), we are redirected on the index.php page. When we try to curl the header.php, it returns a blank page (thanks to the exit(0)).

Question:

Regarding bad people, I would like to generate a 404 error (as when we try to access to efjiozfjoijefiojzeof.php for instance) even if we load the page with curl: in this case (with a curl command), the header location is nonfonctionnal.

The curl output which I had (when there is no exit(0)):

$> curl https://www.mywebsite.com/header.php
NOBODY SHOULD READ THIS DIRECTLY FROM HEADER.PHP FILE

The curl output which I currently have (when there is the exit(0)):

$> curl https://www.mywebsite.com/header.php
$>

The curl output which I would like to have:

$> curl https://www.mywebsite.com/header.php
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /headzefjzefjp.php was not found on this server.</p>
</body></html>
$>

My idea was to include the 404 page file, but when I curl in verbose mode, I still have a 200 error code (and not a 404):

$> curl https://.../header.php -v
...
> GET /header.php HTTP/1.1
> Host: ...
> User-Agent: curl/7.51.0
> Accept: */*
> 
< HTTP/1.1 200 OK
...

So, what is the good way to really ignore the header.php file (from browsers, curl, etc)?

  • 写回答

2条回答 默认 最新

  • douduoquan2824 2017-03-11 18:21
    关注

    The correct way to prevent people from accessing pages they are not supposed to access (like your header, footer or some libraries) is to put them outside of your document root.

    For example your folder structure could be like:

    documentroot/index.php
    header.php
    footer.php
    

    And your index.php would look like:

    <?php 
    require('../header.php');
    echo "some content";
    require('../footer.php');
    

    Instead of trying to return a 404 error, this is the easiest and most secure way to prevent users from accessing pages they are not supposed to access.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 cmd批处理参数如果含有双引号,该如何传入?
  • ¥15 fx2n系列plc的自控成型机模拟
  • ¥15 时间序列LSTM模型归回预测代码问题
  • ¥50 使用CUDA如何高效的做并行化处理,是否可以多个分段同时进行匹配计算处理?目前数据传输速度有些慢,如何提高速度,使用gdrcopy是否可行?请给出具体意见。
  • ¥15 基于STM32,电机驱动模块为L298N,四路运放电磁传感器,三轮智能小车电磁组电磁循迹(两个电机,一个万向轮),如何通过环岛的原理及完整代码
  • ¥20 机器学习或深度学习问题?困扰了我一个世纪,晚来天欲雪,能饮一杯无?
  • ¥15 c语言数据结构高铁订票系统
  • ¥15 关于wkernell.PDB加载的问题,如何解决?(语言-c#|开发工具-vscode)
  • ¥100 某宝多次访问被拒绝,求解
  • ¥15 (标签-STM32|关键词-智能小车)