0

Possible Duplicate:
Deny ajax file access using htaccess

I have a directory "AJAX" that has all my well AJAX content it is unformatted and ugly if you hit the pages directly. How do I stop someone from hitting http://www.site.com/AJAX/page1.php with the .htaccess file?

Community
  • 1
  • 1
Dirty Bird Design
  • 5,333
  • 13
  • 64
  • 121
  • have you tried.. searching? http://tinyurl.com/39d2ucw – drudge Oct 27 '10 at 00:52
  • Yes I tried..searching, and found the following Deny From All which doesn't let the files get served. Man, thats a lot of effort to be sarcastic. I need a way that will block people from browsing to the files but still let them be served. Just like my question asked. – Dirty Bird Design Oct 27 '10 at 00:53
  • Great job, too bad the question is 2 years old.... keep up the good work Ehsan! – Dirty Bird Design Jul 12 '12 at 21:14

1 Answers1

0

You don't really want to use .htaccess to block access to the content since you still need to be able to access this content from your application.

If you feel it's that important to keep people from directly loading this content you can route all traffic through a single php page like:

http://www.site.com/ajax.php?content=page1

and then in ajax.php you can restrict access to this content to only HTTP post and possibly through other means, like unique tokens. Like in the referring page create a unique token 123 and then use the url:

http://www.site.com/ajax.php?content=page1&token=123

and only serve the file if the token is still cached in memory.

While this will work, I don't see the point. If someone wants to load that page, who cares. You can't prevent them from accessing the content since you need it to run your application--they can always get it from browser cache or using a local http proxy.

Samuel Neff
  • 73,278
  • 17
  • 138
  • 182
  • Honestly I dont care. my boss does. The pages when viewed directly are unstyled and "unsightly" they get the css when they are brought in to the main page via jqeury .load. I know I could style them but he wants it this way. Ive tried passing a var to them, and I can get it to go to a 403 when hit directly but this also doesn't let them load in the main page using this on the main page and this on the individual pages is there something wrong with it? – Dirty Bird Design Oct 27 '10 at 03:14