Reputation: 3
deny all traffic except a php file .htaccess
I have a index.php file that needs to access the folder "login", in order to get to the file "messages.json". The folder "login" is protected by a .htaccess that deny's everything. index.php needs to access login/messages.json, but is denied from accessing it (403).
I need to know how to set up my .htaccess to allow just my index.php to access login/messages.json, yet deny access from everything else.
Linux freeweb5.byetcluster.com 2.6.32-896.16.1.lve1.4.54.el6.x86_64 #1 SMP Wed May 2 07:43:19 EDT 2018 x86_64
Apache 2.0 Handler
PHP Version 7.3.6
I've tried to set up valid-user with the file, but it just didn't work. I would constantly get a 500 error and I couldn't figure out the issue.
My .htaccess file consists of just this:
deny from all
The php file that requests the file uses JQuery to do so, this being the ajax request:
$.ajax({url: 'login/messages.json', dataType: 'json', ifModified: true, timeout: 2000, success: function(messages, status){function_here}});
Upvotes: 0
Views: 240
Answers (1)
Reputation: 896
change your .htaccess
Deny from all
<FilesMatch messages\.json>
Allow from all
</FilesMatch>
Your php file not request the messages.json! the browser of the client do because u are using Ajax.
You need allow http request to messages.json and deny access to all files.
Upvotes: 1
Related Questions
- Block direct access to .php files, less the index.php file and ajax.php file
- Stop direct access to all files in a folder, but allow ajax requests
- Block access to PHP file using .htaccess
- Deny external access to php files
- Block direct HTTP access to a PHP File
- Deny access to directory with .htaccess
- Prevent access to php files (folder) with .htaccess EXCEPT for XMLHttpRequest
- Block direct access to PHP file except from AJAX request?
- Deny ajax file access using htaccess
- How to deny ajax PHP files from browser