The easiest way for the generic "PHP app running on an Apache server that you may or may not fully control" situation is to put your includes in a directory and deny access to that directory in your.htaccess file.
Full Answer
How do I turn off remote access?
Click or tap on the slider button to disable remote access. Remember, if you do need someone to occasionally do remote admin, they can always ask you, you can enable it, and then disable it when they’re done.
What is the best way to allow remote users to access content?
The other possible access point for remote users is through file sharing. Generally speaking, file sharing is a terrific benefit and can offer lots of benefits, but obviously, you want the right people to be seeing your content, not the world at large.
How do I use a remote url in PHP?
Using remote files As long as allow_url_fopen is enabled in php.ini, you can use HTTP and FTP URLs with most of the functions that take a filename as a parameter. In addition, URLs can be used with the include, include_once, require and require_once statements (allow_url_include must be enabled for these).
Can users still access PHP include files directly?
Well, after this tutorial users will still be able to access the PHP include files directly, but they will show your own message “ Direct access not allowed ” instead of showing those error messages. I am going to discuss two methods now.
How to Prevent Direct Access to PHP File
Here are the steps to prevent direct access to PHP file. Let us say you have a PHP file /form.php at /var/www/html/form.php and it is executed during a form submission on your website http://example.com. Let us say that you don’t want people to access your PHP file directly at http://example.com/form.php. In such cases, follow the steps below.
1. Open PHP file in a text editor
Open terminal and run the following command to open form.php in a text editor.
Background
You downloaded and installed XAMPP for some research or experiment but do not want other people in the same network to have access to the local XAMPP web console. This can be achived using one of Apache HTTP Service’s core directives – <LocationMatch>
Start Apache HTTP Server
Depending how you installed XAMPP, you may have installed the HTTP server as a Windows service. If this is the case, Apache HTTP Server may already be running in you local machine. However, if you have not chosen that configuration, you can start or stop Apache HTTP Service from XAMPP’s Control Panel.
Verify Apache HTTP Server is running
To perform this, simply open a web browser and type in http://localhost and a XAMPP Welcome page displays.
Access XAMPP Remotely
Android mobile devices can be used as long as they are connected to the same network.
httpd-xampp.conf
Depending on the LAMP stack you selected, this security measure may already be on. If not, you can modify httpd-xampp.conf and add <LocationMatch> directive at the bottom of the file as shown on the image below.
How to disable remote admin access?
Click or tap on the slider button to disable remote access. Remember, if you do need someone to occasionally do remote admin, they can always ask you, you can enable it, and then disable it when they’re done. Safer than just leaving this access open and available.
How to protect your computer from malware?
But the easiest protection is to ensure that you have file sharing, remote desktop sharing, and Windows Quick Access sharing all disabled. Then run a deep malware scan with Windows Defender (included with Win10) or your own anti-virus program. Or both. Let’s step through these remote access settings so you can check your own PC and ensure you’ve got all those metaphorical hatches battened down.
Does Windows 10 Home support remote desktop?
If you’ve got Windows 10 Home Edition, you’ll click and then see something like this: It might be a bit hard to read, but it says “ Your Home edition of Windows 10 doesn’t support Remote Desktop .”. Okay, that’s good. If you have the Pro version of Win10, however, you might find that it does support Remote Desktop and that it’s enabled!
How to connect as a user other than anonymous?
To connect as a user other than 'anonymous', you need to specify the username (and possibly password) within the URL, such as ' ftp://user:password@ftp.example.com/path/to/file '. (You can use the same sort of syntax to access files via HTTP when they require Basic authentication.)
Can you use HTTP and FTP URLs in PHP?
As long as allow_url_fopen is enabled in php.ini, you can use HTTP and FTP URLs with most of the functions that take a filename as a parameter. In addition, URLs can be used with the include , include_once, require and require_once statements ( allow_url_include must be enabled for these). See Supported Protocols and Wrappers for more information about the protocols supported by PHP.