限制直接链接到某个目录中的 AJAX 页面

发布于 2024-09-29 01:58:14 字数 449 浏览 0 评论 0原文

我不想让人们直接访问 AJAX 目录中的页面，但仍然需要从其父页面提供服务。我已经尝试了许多 .htaccess 行，但它们也都从主页上阻止了它。总而言之，我不希望人们能够输入 http://www.mysite.com /AJAX/page1.html 并查看它，但 page1.html 需要通过 AJAX 引入其父页面。

<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>

阻止所有访问

您能否在父文件 define('IS_IN_SCRIPT',1); 中定义一个标志并在 AJAX 页面中检查它？它适用于 AJAX 页面还是仅适用于 PHP？

原文

I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.

<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>

blocks all access

Can you define a flag in the parent file define('IS_IN_SCRIPT',1); and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

故乡的云 2024-10-06 01:58:14

确定 PHP 中的 Referer

检查是否 $_SERVER['HTTP_REFERER']在您的域（或可接受的域列表）中，

如果不在，则重定向。

if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false) 
  { echo 'probably from your own site'; }

Determining Referer in PHP

Check if $_SERVER['HTTP_REFERER'] is in your domain (or a list of acceptable domains)

Then redirect if not.

if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false) 
  { echo 'probably from your own site'; }

回复收藏 0 原文

書生途 2024-10-06 01:58:14

您始终可以设置一些内容，以便如果未通过 GET 或 POST 传入特定参数，ajax 页面只会将您重定向到其他地方。

在 php 中，它看起来像

if(!isset($_POST['some_var']))
  header('Location: somePage.html');

You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.

In php, it'd look like

if(!isset($_POST['some_var']))
  header('Location: somePage.html');

回复收藏 0 原文

时光无声 2024-10-06 01:58:14

$$ zoe_daemon

您需要“链接器”文件才能通过 AJAX 从父页面打开私有文件。

/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
   $link = $_GET["link"];
   include "../private/$link.php";
?>
//end linker.php

然后，“private”文件夹中的文件需要检查请求URI是否不包含字符串“private”；这对于想要直接私有文件的用户无效。
例如，如果将此代码放在要放置的操作代码之前，则无法直接访问名为“private”的文件夹中的“login.php”

//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
    die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php

$$ zoe_daemon

you need "linker" file to open private file from parent page via AJAX.

/*this is simple "linker" file to open private file in folder named "private" from parent page via AJAX.*/
//begin linker.php
<?php
   $link = $_GET["link"];
   include "../private/$link.php";
?>
//end linker.php

and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file.
for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put

//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
    die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php

回复收藏 0 原文

~没有更多了~