In the situation where you have a Shared Hosting plan with a provider like GoDaddy without full access to the server, is there anything i can do to disallow outside HTTP requests for *.php files?
If anyone has experience with shared hosting or with GoDaddy specifically that would be appreciated. Im with GoDaddy and the only thing i can try is to mess with User/Group/World permissions of a php file, but no combinations enables server-only access to a file. And, obviously, i don’t have access to the apache server’s config file which is the easiest solution.
outside HTTP requests for *.php files
I’ll interpret this as requests from outside a set of people you’re willing to share the pages with. You want to limit access to your site.
Easiest approach –
Use an .htaccess file in DocumentRoot that limits access by IP address (if you are willing to force all the people who use the files to work from a limited set of IP addresses)
For Apache 2.2, in the .htaccess file, put
Order Deny,Allow Deny from all Allow from 18.104.22.168
For Apache 2.4, use
Require ip 22.214.171.124
Another quick solution would be to password protect the directory with the .php files. The configuration would look something like this:
AuthType Basic AuthName "Restricted Files" # (Following line optional) AuthBasicProvider file AuthUserFile "/usr/local/apache/passwd/passwords" Require user goodguy
You may want to find hosting with SSH access to give you more control.