Chad Hendrixs
Chad Hendrixs

Reputation: 3

deny all traffic except a php file .htaccess

I have a index.php file that needs to access the folder "login", in order to get to the file "messages.json". The folder "login" is protected by a .htaccess that deny's everything. index.php needs to access login/messages.json, but is denied from accessing it (403).

I need to know how to set up my .htaccess to allow just my index.php to access login/messages.json, yet deny access from everything else.


Linux freeweb5.byetcluster.com 2.6.32-896.16.1.lve1.4.54.el6.x86_64 #1 SMP Wed May 2 07:43:19 EDT 2018 x86_64

Apache 2.0 Handler

PHP Version 7.3.6

I've tried to set up valid-user with the file, but it just didn't work. I would constantly get a 500 error and I couldn't figure out the issue.


My .htaccess file consists of just this:

deny from all

The php file that requests the file uses JQuery to do so, this being the ajax request:

$.ajax({url: 'login/messages.json', dataType: 'json', ifModified: true, timeout: 2000, success: function(messages, status){function_here}});

Upvotes: 0

Views: 240

Answers (1)

Manuel Panizzo
Manuel Panizzo

Reputation: 896

change your .htaccess

Deny from all
<FilesMatch messages\.json>
        Allow from all
</FilesMatch>

Your php file not request the messages.json! the browser of the client do because u are using Ajax.

You need allow http request to messages.json and deny access to all files.

Upvotes: 1

Related Questions