April 27, 2009
Question

How to prevent CFINCLUDES from being accessed directly?


For the life of me I can't locate a script I once came across that prevented CFINCLUDE files from being directly accessed.

Does anyone have something along these lines?


2 replies

May 1, 2009

Although you got your answer, you can also try something like this:

<cfif listlast(cgi.script_name, "/") eq "admin.cfm">
  <cflocation url="index.cfm?action=config" addtoken="no">
</cfif>

April 27, 2009

<cfif StructKeyExists(variables, "some variable from the page including this template")>

<!--- code --->

<cfelse>

<!--- error handling --->

</cfif>

April 27, 2009

Thanks Dan, that certainly works, and is similar to what I currently do.

I just thought I recall seeing some form of ColdFusion function that specifically generated an error if the file was not being included via CFINCLUDE.

ilssac
April 27, 2009

IIRC you can put the includes into a directory(ies) outside of the web root so that they cannot be accessed directly from a browser.

But I always have to double check myself on the differences between includes, custom tags, modules and components and who can easily be in outside directories and who can't and which need mappings and which not.

HTH

Ian
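
An added example, not posted by anyone in this thread: a guard for the top of an included template that compares GetBaseTemplatePath() (the template the request asked for) with GetCurrentTemplatePath() (the file currently executing), which match only when the file was requested directly. The file name, the log file name and the 404 response are assumptions.

```cfml
<!--- _sidebar.cfm : hypothetical include file, not from the thread --->

<!---
  GetBaseTemplatePath()    = absolute path of the page named in the request URL
  GetCurrentTemplatePath() = absolute path of the file whose code is running now
  When this file is pulled in with CFINCLUDE the two differ (base is the
  including page). When a browser requests this file directly they are equal.
--->
<cfif CompareNoCase(GetBaseTemplatePath(), GetCurrentTemplatePath()) EQ 0>

  <!--- Record the attempt so direct hits on include files show up in review.
        "include_guard" is an assumed log file name. --->
  <cflog file="include_guard"
         type="warning"
         text="Direct request for include #GetCurrentTemplatePath()# from #cgi.remote_addr#">

  <!--- Answer as if the file did not exist, then stop before any
        include content below is executed. --->
  <cfheader statuscode="404" statustext="Not Found">
  <cfabort>

</cfif>

<!--- Normal include content starts here; it only runs via CFINCLUDE. --->
<cfoutput>
  <div class="sidebar">Sidebar content</div>
</cfoutput>
```

Unlike a check on a variable set by the calling page, this guard does not depend on any particular including page, so the same lines can be pasted at the top of every include file.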