开发者

restrict direct linking to AJAX pages in a certain directory

问答 作者:

I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.

<LIMIT GET POST>
Ord开发者_如何学编程er deny, allow
deny from all
</LIMIT>

blocks all access

Can you define a flag in the parent file define('IS_IN_SCRIPT',1); and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?

Determining Referer in PHP

Check if $_SERVER['HTTP_REFERER'] is in your domain (or a list of acceptable domains)

Then redirect if not. 

if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false) 
  { echo 'probably from your own site'; }

You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.

In php, it'd look like

if(!isset($_POST['some_var']))
  header('Location: somePage.html');

$$ zoe_daemon

you need "linker" file to open private file from parent page via AJAX.

/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
   $link = $_GET["link"];
   include "../private/$link.php";
?>
//end linker.php

and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file. for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put 

//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
    die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php

继续阅读:.htaccesssecurity

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9