Kallewallex
Reputation: 521
Prevent access to php files (folder) with .htaccess EXCEPT for XMLHttpRequest
I have a folder www.mysite.com/page/panel/soascripts/ where there are 10 different PHP files.
I want to prevent access to the folder soascripts and the php files in it. Except X-Requested-With = XMLHttpRequest (for ajax). Is this possible with htaccess?
Upvotes: 1
Views: 1803
Answers (1)
Jon Lin
Reputation: 143856
In the htaccess file in your soascripts folder:
RewriteEngine On
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteRule \.php$ - [L,F]
So without the
X-Requested-With: XMLHttpRequest
request header, the response will be a 403 forbidden.
EDIT:
If you want to add the rules to the document root, you just need to include the path:
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteRule ^page/panel/soascripts/[^/.]+\.php$ - [L,F]
Make sure to add it before any type of routing rules (like stuff being sent to index.php).
Upvotes: 2
Related Questions
- Stop direct access to all files in a folder, but allow ajax requests
- Protect ajax files from direct call using htaccess
- deny all traffic except a php file .htaccess
- Deny external access to php files
- Modify .htaccess to deny access into folder, but allow access only from my site using ajax to specific files
- How to deny direct access to files in AJAX directory
- Deny access to directory with .htaccess
- Block direct access to PHP file except from AJAX request?
- Deny ajax file access using htaccess
- How to deny ajax PHP files from browser