Securing cron file

Question

I've have a cron file, monthly.php and I want to prevent direct access using web browser. It should be accessible only through CPanel cron.

Thanks.

possible duplicate of [Can PHP detect if its run from a cron job or from the command line?](http://stackoverflow.com/questions/190759/can-php-detect-if-its-run-from-a-cron-job-or-from-the-command-line) — Your Common Sense, Oct 03 '11 at 13:50

score 5 · Answer 1 · answered Oct 03 '11 at 13:46

5

Don't put it under the webroot. Just execute it using the command line php program.

answered Oct 03 '11 at 13:46

Quentin

914,110
126
1,211
1,335

score 4 · Accepted Answer · answered Oct 03 '11 at 13:49

4

You can use a .htaccess to deny access to it. Or you can just move it out of the htdocs or public_html directory.

<Files "cron.php">
  Order deny,allow
  Allow from name.of.this.machine
  Allow from another.authorized.name.net
  Allow from 127.0.0.1
  Deny from all
</Files>

So it can only be requested from the server.

answered Oct 03 '11 at 13:49

Mob

10,958
6
41
58

Is it possible to set file permission to 640 to prevent direct access – Ajay Oct 03 '11 at 13:53

score 1 · Answer 3 · edited May 23 '17 at 12:15

1

If you, for some reason, need to put it in a webroot, try the following: Can PHP detect if its run from a cron job or from the command line?

edited May 23 '17 at 12:15

Community

1
1

answered Oct 03 '11 at 13:47

ChrisH

1,283
1
9
22

score 0 · Answer 4 · answered Oct 03 '11 at 13:48

Just pass in a key to it to protect it. And don't report "Key parameter is missing" to the browser, just die() if the key is not there. And please, dont use the parameter "key", use something of your own like:

http://myscript.com/monthly.php?mycomplexkeyname=ksldhfguorihgiauzsiludrfthgo45j1234134

Securing cron file

4 Answers4