block_url_invocation()
function block_url_invocation(string $module_name): void
Description
Blocks direct browser access to an entire module while allowing unrestricted internal access from PHP code. This function is designed for utility and service modules that should never be callable via a URL, such as payment processors, email handlers, or background workers.
When invoked, the function inspects the first URL segment and compares it to the supplied module name. If a match is detected, the request is immediately terminated with a 403 Forbidden response.
Performance Note: This function performs a simple string comparison and exits early, making it one of the fastest and safest ways to prevent URL invocation at the module level.
Parameters
| Parameter | Type | Description |
|---|---|---|
| $module_name | string |
The name of the module to protect, written in lowercase. For child modules,
use the hyphenated parent-child format.
|
Return Value
| Type | Description |
|---|---|
| void | Does not return a value. If URL access is detected, execution stops immediately and a 403 response is sent. |
Example Usage
The most common usage is inside a controller constructor to block all methods in the module from being accessed via a URL.
Child Module Example
If your module is nested inside another module, use the hyphenated format when specifying the module name.
When to Use block_url_invocation()
- The module should never be accessed via a browser
- All methods are intended for internal code use only
- You want absolute protection with zero configuration