I am using a JS library that requires JSON data to be passed to it in order to display information. I need to parse this data via a PHP script, as below:

 $.getJSON('http://example.com/q.php?a=3298&b=test', function(data)...

Is there a way to restrict this query to the server / localhost? I don't want a third-party person or website to be able to retrieve data by going directly to http://example.com/q.php?a=3298&b=test&callback=? .

Josh

2 Answers

It sounds like what you want is to not restrict it to localhost, as that would mean that only your server could access this URL (and unless your browser is running on your server and you're the only person using it, this probably isn't what you want).

If I understand correctly, you need a visitor accessing your site to be able to use this within your JS code, but you don't want them to snag the URL, modify the parameters, and pull arbitrary data from your server.

If that's the case, then what you'll want to do is to encrypt or hash the values that you pass. Instead of what you're doing now:

http://example.com/q.php?a=3298&b=test

Do something like this:

http://example.com/q.php?token=fjsdfa6f98sfuspojfj

Where fjsdfa6f98sfuspojfj is something you've pre-created on your server that corresponds with a=3298&b=test. This way, someone can't screw with the token and enter a value that corresponds with other versions of a and b.

Nick Coons
  • thanks but what if the user just then goes to http://example.com/q.php?token=fjsdfa6f98sfuspojfj , whenever they want to get that updated data? – Josh Jul 30 '15 at 11:36
  • @Josh, if the user couldn't do that, then your code wouldn't work. There's nothing that's different between the user going there directly, or their browser making an AJAX call. Your server sees the exact same thing. But the other thing you could add to it would be a time requirement. For instance, have the generated token only be valid for X minutes. This way it works on the page that you've generated, but if they store and use the URL later it won't. – Nick Coons Jul 30 '15 at 18:52
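A concrete form of the signed, time-limited token described in the answer and comment above. This is an added example, not code from the question or either answer; `$secret`, `issue_token()`, `verify_token()` and the 5-minute lifetime are assumed names and values.

```php
<?php
// Added example (not from the question or either answer): a signed, time-limited
// token that binds the query parameters to a server-side secret, as Nick Coons suggests.
// Assumptions: $secret is a random value loaded from server config (never sent to the
// client); issue_token() runs in the page that emits the $.getJSON call; verify_token()
// runs at the top of q.php before any data is returned.

const TOKEN_TTL_SECONDS = 300;   // a token is accepted for 5 minutes after issue

function issue_token(array $params, string $secret, ?int $now = null): string {
    $now = $now ?? time();
    ksort($params);                                    // canonical parameter order
    $payload = http_build_query($params) . '|' . $now; // '|' cannot occur in the encoded query
    $mac = hash_hmac('sha256', $payload, $secret);
    // base64url so the token is safe inside a query string
    return rtrim(strtr(base64_encode($payload . '|' . $mac), '+/', '-_'), '=');
}

// Returns the bound parameters, or null if the token is malformed, forged or expired.
function verify_token(string $token, string $secret, ?int $now = null): ?array {
    $now = $now ?? time();
    $b64 = strtr($token, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);   // restore base64 padding
    $raw = base64_decode($b64, true);
    if ($raw === false) return null;
    $parts = explode('|', $raw);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) return null;
    [$query, $issued, $mac] = $parts;
    $expected = hash_hmac('sha256', $query . '|' . $issued, $secret);
    if (!hash_equals($expected, $mac)) return null;       // constant-time MAC check
    if ((int)$issued > $now || $now - (int)$issued > TOKEN_TTL_SECONDS) return null;
    parse_str($query, $params);
    return $params;                                       // e.g. ['a' => '3298', 'b' => 'test']
}

// In the page that renders the JavaScript:
//   $token = issue_token(['a' => 3298, 'b' => 'test'], $secret);
//   echo "$.getJSON('/q.php?token=" . rawurlencode($token) . "', function(data) { ... });";
//
// At the top of q.php:
//   $params = verify_token($_GET['token'] ?? '', $secret);
//   if ($params === null) { http_response_code(403); exit; }
//   // ...fetch the data for $params['a'] and $params['b']...
```

The token only proves that the server issued these exact parameters at a given time; a visitor who already has the page can still replay it until it expires, which is the trade-off the comment above describes.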
Use .htaccess:

RewriteEngine on
# Test the client's address, not HTTP_HOST: the Host header is supplied by the client
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteCond %{REMOTE_ADDR} !^::1$
RewriteRule ^q\.php$ - [F]

Or you can restrict the access via PHP:

// Reject any request that did not come from the loopback address (IPv4 or IPv6)
if (!in_array($_SERVER["REMOTE_ADDR"], ["127.0.0.1", "::1"], true))
    die();

Genhis