Block access to a file using htaccess

Question

I have a .htaccess inside a folder with:

Order Deny,Allow
Deny from all
Allow from localhost
Satisfy Any

I try to limit access to a file that contains a hashed key, only to the same domain, to avoid Cross-site request forgery. I want only example.com to be able to read that file and not foreign_example.com, but when i read the file with a GET request a status of 403 forbidden is showed.

Edit1: I am using LiteSpeed Web Server which support htaccess module from Apache.

The code from my questions is the right answer from that question, but not works. — croppio.com, Feb 19 '13 at 08:18

score 1 · Accepted Answer · answered Feb 19 '13 at 08:03

1

You could try the "allow orign" method of Htaccess.

Header add Access-Control-Allow-Origin "example.com"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

Hope it works. Best regards. Jonas

answered Feb 19 '13 at 08:03

Jonas m

2,646
3
22
43

Also when you change the "example.com" to your actual domain? Have you removed your earlier code? – Jonas m Feb 19 '13 at 08:18

Block access to a file using htaccess

1 Answers1