Prevent remote/external inclusion


#1

I’m working on a few foundational principles (re-doing a lot of old code), and i was wondering what the best way was to prevent external/remote file inclusion from sites other than my own.
for example:: I have data and code in an external file on my server (http://ex1.com/inc.php). I need to be able to include that file in multiple directories on my own server. However, i need to be able to restrict/deny access for people on any other domain (eg, http://ex2.com) from including it by doing
[php]include(‘http://ex1.com/firstinc.php’);[/php] or any other way of accessing the data therein.

I have been googling a lot of diff possibilities, some saying to just check the $_SERVER[‘REQUEST_URI’] across what it should be inside the php applications, and others are saying that using PHP to prevent this is speed reducing, and it should be done via .htaccess (which i am always wary of modifying)

I’m just looking for someone who has some experience with stuff like this :slight_smile:


#2

If you have cpanel it can be don.e through that, or a htaccess file