I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.
我不想让人们直接进入AJAX目录中的页面,但仍然需要从他们的父页面提供它们。我尝试了很多.htaccess行,但它们也都是从主页面阻止的。总而言之,我不希望人们能够输入http://www.mysite.com/AJAX/page1.html并查看它,但是需要通过AJAX将page1.html带入其父页面。
<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>
blocks all access
阻止所有访问
Can you define a flag in the parent file define('IS_IN_SCRIPT',1); and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?
你能在父文件define('IS_IN_SCRIPT',1)中定义一个标志;并在AJAX页面中检查它?这将适用于AJAX页面还是仅包含PHP?
3 个解决方案
#1
3
在PHP中确定Referer
Check if $_SERVER['HTTP_REFERER'] is in your domain (or a list of acceptable domains)
检查$ _SERVER ['HTTP_REFERER']是否在您的域中(或可接受域列表)
Then redirect if not.
然后重定向,如果没有。
if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false)
{ echo 'probably from your own site'; }
#2
1
You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.
您可以随时设置一些内容,以便在未通过GET或POST传递特定参数时,ajax页面只会将您重定向到其他位置。
In php, it'd look like
在PHP中,它看起来像
if(!isset($_POST['some_var']))
header('Location: somePage.html');
#3
0
$$ zoe_daemon
$$ zoe_daemon
you need "linker" file to open private file from parent page via AJAX.
你需要“链接”文件通过AJAX从父页面打开私人文件。
/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
$link = $_GET["link"];
include "../private/$link.php";
?>
//end linker.php
and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file. for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put
然后,在“private”文件夹中的文件需要检查请求URI是否包含字符串“private”;对于想要直接私有文件的用户无效。对于axample,如果您将此代码放在要放置的操作代码之前,则无法直接访问名为“private”的文件夹中的“login.php”
//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php
#1
3
在PHP中确定Referer
Check if $_SERVER['HTTP_REFERER'] is in your domain (or a list of acceptable domains)
检查$ _SERVER ['HTTP_REFERER']是否在您的域中(或可接受域列表)
Then redirect if not.
然后重定向,如果没有。
if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false)
{ echo 'probably from your own site'; }
#2
1
You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.
您可以随时设置一些内容,以便在未通过GET或POST传递特定参数时,ajax页面只会将您重定向到其他位置。
In php, it'd look like
在PHP中,它看起来像
if(!isset($_POST['some_var']))
header('Location: somePage.html');
#3
0
$$ zoe_daemon
$$ zoe_daemon
you need "linker" file to open private file from parent page via AJAX.
你需要“链接”文件通过AJAX从父页面打开私人文件。
/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
$link = $_GET["link"];
include "../private/$link.php";
?>
//end linker.php
and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file. for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put
然后,在“private”文件夹中的文件需要检查请求URI是否包含字符串“private”;对于想要直接私有文件的用户无效。对于axample,如果您将此代码放在要放置的操作代码之前,则无法直接访问名为“private”的文件夹中的“login.php”
//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php