dshyu6866 2015-11-08 17:00

Why does blocking direct URL access also block Ajax calls from files on the web server?

I want to block URL (external) access to the PHP files in the folder "/mi-php/". So I created a .htaccess file within the /mi-php folder with the following code:

<Files *.php>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Files>

Sure, the PHP files are blocked from direct URL access. However, when I try to call this PHP file (/mi-php/jobdata.php) using Ajax from a file on the web server, as follows:

$(document).ready( function () { $.getJSON("/mi-php/jobdata.php", function(data){ etc etc

It is also blocked. I thought a call from another file under the same website root directory was considered "localhost" access. I guess I am wrong. But how do I make the PHP file accessible only to my own files under the root directory?


  • dptdb84606 2015-11-08 17:39

    I don't see that there are any bulletproof ways of solving this. The only way I can think of is to see if the call is an Ajax call.

    if (empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        die();
    }
    

    Based on David Walsh's blog post here.

    You need to add the above snippet at the top of each file you're trying to block. There are two things to consider.

    1. Anyone can modify the header of their call and add the above header.
    2. Some servers/Ajax clients don't send this header (Apache and jQuery do).

    There might be more you can check in your script but this would be a start.

    This answer was selected by the asker as the best answer.
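
An added example, not part of the question or of the answer above: one way to tighten the `X-Requested-With` check is to also require a per-session token that the site's own page issues and the Ajax call sends back. The session key `job_token`, the header `X-Job-Token`, the file name `token.php` and both helper names are assumptions made for this illustration.

```php
<?php
// token.php - added example, not code from the original thread.
// Assumed names: session key 'job_token', request header X-Job-Token,
// helpers issue_job_token() and require_job_token().

// Call this in the page that contains the Ajax caller and embed the
// returned value in the HTML, e.g. in a <meta> tag the script can read.
function issue_job_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['job_token'])) {
        // 32 random bytes from the OS CSPRNG (PHP 7+), hex encoded.
        $_SESSION['job_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['job_token'];
}

// Call this at the top of /mi-php/jobdata.php before any output.
function require_job_token(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $expected = $_SESSION['job_token'] ?? '';
    $supplied = $_SERVER['HTTP_X_JOB_TOKEN'] ?? '';
    $isAjax   = strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';

    // An empty expected value means this session never loaded a page that
    // issued a token. hash_equals() compares in constant time.
    if (!$isAjax || $expected === '' || !hash_equals($expected, $supplied)) {
        http_response_code(403);
        header('Content-Type: application/json');
        exit(json_encode(['error' => 'forbidden']));
    }
}

// Constructed usage in jobdata.php:
//   require __DIR__ . '/token.php';
//   require_job_token();
//
// $.getJSON takes no headers option, so the caller uses $.ajax instead:
//   $.ajax({ url: "/mi-php/jobdata.php", dataType: "json",
//            headers: { "X-Job-Token": tokenFromPage } });
```

The token limits the endpoint to sessions that have loaded the site's page; it does not hide the data from a visitor. The Ajax request is made by the visitor's browser and arrives from the visitor's IP address, which is why the `Allow from 127.0.0.1` rule rejects it.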