Prevent remote/external inclusion


I’m working on a few foundational principles (re-doing a lot of old code), and i was wondering what the best way was to prevent external/remote file inclusion from sites other than my own.
for example:: I have data and code in an external file on my server ( I need to be able to include that file in multiple directories on my own server. However, i need to be able to restrict/deny access for people on any other domain (eg, from including it by doing
[php]include(‘’);[/php] or any other way of accessing the data therein.

I have been googling a lot of diff possibilities, some saying to just check the $_SERVER[‘REQUEST_URI’] across what it should be inside the php applications, and others are saying that using PHP to prevent this is speed reducing, and it should be done via .htaccess (which i am always wary of modifying)

I’m just looking for someone who has some experience with stuff like this :slight_smile:


If you have cpanel it can be don.e through that, or a htaccess file