views:

240

answers:

5

I have some pages that I don't want users to be able to access directly.

I have this function I came up with which works:

function prevent_direct_access()
{
    if($_SERVER['REQUEST_URI'] == $_SERVER['PHP_SELF'])
    {
     //include_once('404.php');
     header("Location: 404.php");
    }
}

This does exactly what I want, the URL does not change but the content does. However I am wondering if there is something I need to add to tell search engines that this is a 404 and not to index it. keep in mind I do not want the URL to change though.

Thanks!

A: 

for the search engines, if you return HTTP status 404 they should not index I believe. But you could always redirect to somewhere covered by a robots.txt

Colin Pickard
+4  A: 

Don’t redirect but send the 404 status code:

header($_SERVER['SERVER_PROTOCOL'].' 404 Not Found', true, 404);
exit;
Gumbo
I should add this along with the header() I have i my code or add this and remove the header() already in my code..just wanted to clarify..Thanks!
John Isaacks
Replace your `header` call with my code.
Gumbo
A: 

To ensure Search Engines don't index it, use a header command to send a 404, as the 2nd example on that page shows you.

Or put all such files in one folder, "includes" say, and add a "Deny /includes/" into your robots.txt file. This way, you can also add a ".htaccess" file in the same directory with one line - "Deny From All" - this will tell Apache to block access (if apache is configured properly), for another layer of security.

James
A: 

Is there a reason you are taking this approach rather than using robots.txt?

illvm
A: 

Just to clarify:

  • You have some PHP that you want available to other PHP programs on the system
  • You do not want anybody accessing it except by running one of the other PHP programs

(i.e. "direct" doesn't mean "except by following a link from another page on this site")

Just keep the PHP file outside the webroot. That way it won't have a URL in the first place.

David Dorward
Unfortunently there is a setting I cannot change that does not allow my scripts to access anything outside the document root.
John Isaacks
Sounds like you are looking for a workaround for having substandard hosting. I'd get better hosting if I were you :)
David Dorward