1

I want to protect a directory and the php files in it, from direct web access through an .htaccess file like this:

IndexIgnore *
<Files ~ "\.(php)$">
  order allow,deny
  deny from all
</Files>

but I want to be able to send ajax requests from a javascript file to those php files an get a result. Is this possible?

Zosimas
  • 518
  • 4
  • 15
  • See here: http://stackoverflow.com/questions/3466802/deny-ajax-file-access-using-htaccess – Ehsan Jul 11 '12 at 04:24

1 Answers1

3

You can only allow POST-requests. Accessing the page from the browser results in an error code, but posting from ajax works. See here.

Note: this qualifies as security through obscurity. If someone looks at your javascript, they'll find out how to get the page results.

Jesse van Assen
  • 2,240
  • 2
  • 16
  • 19
  • Thank you, that is what I wanted. I don't really care about the security, I just don't want to be directly accessed. – Zosimas Mar 31 '12 at 08:13