I have three pages:
index.html
getjavascript.php?id=index
index.js
index.html includes the script
'getjavascript.php?id=index'
and getjavascript dynamically gets the script index.js.
Is there any way to prevent external users from directly accessing
getjavascript.php
using PHP?
index.js is in a hidden location.
Thanks,
It's possible by using htaccess.
Redirect /getjavascript.php http://example.com/newdirectory/
Now I see two ways to solve your problem
Put the include script outside of the document root. For example, if you have your root in public_html, create a folder outside public_html to put your included files in. That way, your script can read them but random people on the internet can't.
I'm assuming that index.html contains an include similar to the snippet below (assumption is that we're doing a client-side pull of this javascript).
<script type="text/JavaScript" src="getjavascript.php?id=index" />
If your intent is to hide secrets within the javascript file, there is no way of stopping a user from retrieving the contents. They can trivially use developer tools to view the contents. Furthermore, because the browser needs to download the file, there's not really a way to distinguish between a user accessing directly versus a browser retrieving this file.
If your intent is to obfuscate the fact that your server is using PHP, you can use mod_rewrite to remove the extension.
Server side includes are a different story and modifications to .htaccess or moving this file outside of your webroot directory would work.