NYCPHP Meetup

NYPHP.org

[nycphp-talk] Re: IIS 5 and .inc files

Dan Cech dcech at phpwerx.net
Tue Jan 13 13:55:26 EST 2004


Hi Emmanuel,

I do not use IIS myself, so I am not sure if there is a mechanism to 
perform the function you need, though I haven't been able to find 
anything in the documentation.

One solution which may solve the problem is to associate the .inc 
extension with php, and then include the following code at the top of 
your .inc files:

if ( $_SERVER['PHP_SELF'] == __FILE__ )
{
	exit;
}

You can gain similar functionality by defining a constant in your 
index.php with:

define ('MY_CONSTANT', 1);

and then in index.inc:

if ( !defined ('MY_CONSTANT') )
{
	exit;
}

Other than that, my advice is to use a real webserver.

Dan

Emmanuel Décarie wrote:

> Hello Keith, thanks for the reply.
> 
> If I understand you, your suggestion doesn't help to resolve my problem because
> the access control is based on a repertory when I want this access control based
> on the suffix of the file.
> 
> Your solution will not work if I have a repertory with this content:
> http://localhost/testing/index.php
> http://localhost/testing/index.inc
> 
> With Apache, it’s easy to tell the server not to serve files that ends with
> ".inc". I'm trying to figure out if this is possible with IIS 5.
> 
> Cheers
> -Emmanuel
> 
> 
> 
>>Keith J Richardson Keith.Richardson at thompsonhealth.com 
>>Tue Jan 13 13:23:06 EST 2004 
> 
> 
>>1) Need PHP to include a file from a directory. in my example, it is
> 
> http://localhost/testing/index.php
> 
>>2) The include directory needs to have scripts able to read it, but must deny
> 
> browsing to those pages. - http://localhost/testing/include/lib.inc
> 
>>What I did:
>>
>>1) Go into IIS management, and select the directory that you want to change the
> 
> persmissions on, and in my example, it is /testing/include/
> 
>>2) Right click on the folder, and select properties.
>>3) Uncheck read access. There should be nothing in the checkboxes.
>>4) Test!
>>
>>You disabled read access from IIS to access those files, so when you type in
> 
> http://localhost/testing/include/lib.inc - it will give you a HTTP 403.2 -
> Forbidden: Read Access Forbidden error. The reason why PHP can read the files,
> is that the system has NTFS permissions to read the file. When php opens a file
> to read, unless it opens it via a http:// command, it will read it locally,
> which IIS has no control over.
> --
> Emmanuel Décarie / Programmation pour le Web - Programming for the Web
> <http://scriptdigital.com/> - Blog: <http://blog.scriptdigital.com> - AIM: scriptdigital
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 




More information about the talk mailing list