Run a script.php on cron job on linux/apache server but restrict public access to the php file

Question

I have this script.php file which i want to run as a cron job on my linux/apache server.

However, i do not want public to access www.mycompanyname.com/script.php and

Answer 1

You probably have something like a public_html directory, in which you have all the phps. Just put it outside of that directory.

Answer 2

Method 1.

If you are executing PHP directly from the Cron Job e.g. php /path/to/your_script.php then add the following line at the top of your PHP script:

if (php_sapi_name() !='cli') exit;

Method 2.

If the Cron Job uses wget, curl or lynx to run your script via its URL, then insert this code at the top of your PHP script (change the User Agent string to one known only by you) :

if ($_SERVER['HTTP_USER_AGENT'] != 'yourSecretAgent') exit;

You will also have to set the User Agent in the Cron Job; as in this wget example:

wget -O - --user-agent=“yourSecretAgent” http://example.com/your_script.php

Answer 3

If you put the script outside of the webroot folder it will not be accessible through your webserver. e.g. your webroot is at /var/www/public_html/ you put the script.php outside of that folder, for example: /var/www/

Answer 4

You can do this as the first line of PHP in script.php...

if (PHP_SAPI !== 'cli') {
    exit;
}

If someone hits your script via HTTP, the PHP_SAPI will be cgi I believe, and not cli, causing your script to exit straight away.

Of course, this relies on your cron calling php script.php.

You could also send...

header('HTTP/1.0 404 Not Found');

... or of course, leave it outside your web root.