{"flag":true,"single":true,"pageTitle":"php_value auto_prepend_file, and php_value auto_append_file execute php files before or after every php file","post":{"id":315,"user_id":"1","slug":"php-value-auto-prepend-file-and-php-value-auto-append-file-execute-php-files-before-or-after-every-php-file-s6ox","title":"php_value auto_prepend_file, and php_value auto_append_file execute php files before or after every php file","body":"

PHP provides two special configuration options that allow you to automatically run PHP code before or after every PHP script<\/strong> on your website:<\/p>\r\n

auto_prepend_file <\/strong>→ runs before every PHP script<\/p>\r\n

auto_append_file <\/strong>→ runs after every PHP script<\/p>\r\n

These are often set in .htaccess, php.ini, or Apache VirtualHost.<\/strong><\/p>\r\n

1. What is auto_prepend_file?
<\/strong>This directive forces PHP to automatically include a PHP file before running any script.<\/p>\r\n

php_value auto_prepend_file \"\/home\/user\/public_html\/firewall.php\"<\/code><\/pre>\r\n
Before running index.php, login.php, api.php, blog.php, <\/strong>etc., PHP will FIRST execute firewall.php.<\/strong><\/p>\r\n
Purposes
1. <\/strong>Load Global Config (edit as needed) \/home\/user\/public_html\/firewall.php 
<\/strong><\/p>\r\n
$FIREWALL_CONFIG = [\r\n    \"rate_limit_requests\" => 30,           \/\/ max requests\r\n    \"rate_limit_seconds\"  => 60,           \/\/ in 60 seconds\r\n    \"log_directory\"        => __DIR__ . \"\/fw-logs\",\r\n    \"blocked_ip_file\"      => __DIR__ . \"\/blocked-ips.txt\",\r\n    \"track_user_activity\"  => true,\r\n];<\/code><\/pre>\r\n
this Loads global settings safely<\/p>\r\n
2. Blocked IPs System<\/strong><\/p>\r\n
$blocked_ips_file =  __DIR__ . \"\/blocked-ips.txt\",\r\nif (!file_exists($blocked_ips_file)) {\r\n    file_put_contents($blocked_ips_file, \"\");\r\n}\r\n\r\n$blocked_ips = file($blocked_ips_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);\r\n\r\n$ip = $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';\r\n\r\nif (in_array($ip, $blocked_ips)) {\r\n    header(\"HTTP\/1.1 403 Forbidden\");\r\n    exit(\"Access Denied\");\r\n}\r\n<\/code><\/pre>\r\n
Reads blocked-ips.txt, Immediately blocks any banned IP, Auto-adds bad bots to block list<\/p>\r\n
3. Basic Attack Filtering<\/strong><\/p>\r\n
$bad_user_agents = [\r\n    'curl', 'wget', 'python', 'bot', 'crawl', 'spider',\r\n    'scan', 'sqlmap', 'nmap', 'masscan'\r\n];\r\n\r\n$ua = strtolower($_SERVER['HTTP_USER_AGENT'] ?? '');\r\n\r\nforeach ($bad_user_agents as $bad) {\r\n    if (strpos($ua, $bad) !== false) {\r\n        exit(\"Access Denied (Bad Bot)\");\r\n    }\r\n}<\/code><\/pre>\r\n
Basic Attack Protection : <\/strong>curl, python scripts, sqlmap, spiders, bots, scanners, scrapers<\/p>\r\n
4. Rate Limiting (per IP)<\/strong><\/p>\r\n
$rate_file = __DIR__ . \"\/fw-logs\" . \"\/rate_\" . str_replace('.', '_', $ip) . \".json\";\r\n\r\n$time_now = time();\r\n$rate_data = [\r\n    \"count\" => 0,\r\n    \"start\" => $time_now\r\n];\r\n\r\n\/\/ Load previous rate data\r\nif (file_exists($rate_file)) {\r\n    $rate_data = json_decode(file_get_contents($rate_file), true);\r\n}\r\n\r\n\/\/ Reset window if expired\r\nif ($time_now - $rate_data[\"start\"] > 60) {\r\n    $rate_data[\"count\"] = 0;\r\n    $rate_data[\"start\"] = $time_now;\r\n}\r\n\r\n\/\/ Count this request\r\n$rate_data[\"count\"]++;\r\nfile_put_contents($rate_file, json_encode($rate_data));\r\n\r\n\/\/ If limit exceeded → Block IP\r\nif ($rate_data[\"count\"] > 30) {\r\n    file_put_contents($blocked_ips_file, $ip . \"\\n\", FILE_APPEND);\r\n    header(\"HTTP\/1.1 429 Too Many Requests\");\r\n    exit(\"Too many requests. You are temporarily blocked.\");\r\n}<\/code><\/pre>\r\n
Allows 30 requests per minute per IP, Exceeds limit → auto-ban + 429<\/p>\r\n
5. Start Session Globally<\/strong><\/p>\r\n
if (session_status() === PHP_SESSION_NONE) {\r\n    session_start();\r\n}<\/code><\/pre>\r\n
 <\/p>\r\n
>>>>>>>>>>>>>>>>>><\/p>\r\n
auto_append_file: <\/strong>Used to include a PHP file after every PHP script finishes executing.<\/p>\r\n
php_value auto_append_file \"\/home\/user\/public_html\/footer.php\"<\/code><\/pre>\r\n
The path must be absolute, not relative


<\/p>","category_id":"1","is_private":"0","created_at":"2025-12-01T08:03:34.000000Z","updated_at":"2025-12-01T08:03:34.000000Z","category":{"id":1,"user_id":"1","name":"PHP","slug":"php-3ius","parent_id":null,"created_at":"2023-03-14T03:58:19.000000Z","updated_at":"2023-03-14T03:58:19.000000Z"},"user":{"id":1,"name":"R GONDAL","email":"rizikmw@gmail.com","email_verified_at":null,"two_factor_confirmed_at":null,"current_team_id":"1","profile_photo_path":null,"created_at":"2023-03-12T10:49:33.000000Z","updated_at":"2025-01-10T12:59:00.000000Z","profile_photo_url":"https:\/\/ui-avatars.com\/api\/?name=R+G&color=7F9CF5&background=EBF4FF"}},"pageDesc":"PHP provides two special configuration options that allow you to automatically run PHP code before or after every PHP script on your website - php_value auto_prepend_file, and php_value auto_append_file execute php files before or after every php file (Updated: December 1, 2025) - Read more about php_value auto_prepend_file, and php_value auto_append_file execute php files before or after every php file at my programming site [SITE]","categories":[]}