开发者

block access to AJAX directory with .htaccess [duplicate]

This question already has answers here: Closed 10 years ago.

Possible Duplicate:

Deny ajax file access using htaccess

I have a directory "AJAX" that has all my well AJAX content it is unformatted and ugly if you hit the pages directly. How do I stop someone开发者_运维技巧 from hitting http://www.site.com/AJAX/page1.php with the .htaccess file?


You don't really want to use .htaccess to block access to the content since you still need to be able to access this content from your application.

If you feel it's that important to keep people from directly loading this content you can route all traffic through a single php page like:

http://www.site.com/ajax.php?content=page1

and then in ajax.php you can restrict access to this content to only HTTP post and possibly through other means, like unique tokens. Like in the referring page create a unique token 123 and then use the url:

http://www.site.com/ajax.php?content=page1&token=123

and only serve the file if the token is still cached in memory.

While this will work, I don't see the point. If someone wants to load that page, who cares. You can't prevent them from accessing the content since you need it to run your application--they can always get it from browser cache or using a local http proxy.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜