限制直接链接到某个目录中的 AJAX 页面
我不想让人们直接访问 AJAX 目录中的页面,但仍然需要从其父页面提供服务。我已经尝试了许多 .htaccess 行,但它们也都从主页上阻止了它。总而言之,我不希望人们能够输入 http://www.mysite.com /AJAX/page1.html 并查看它,但 page1.html 需要通过 AJAX 引入其父页面。
<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>
阻止所有访问
您能否在父文件 define('IS_IN_SCRIPT',1);
中定义一个标志并在 AJAX 页面中检查它?它适用于 AJAX 页面还是仅适用于 PHP?
I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.
<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>
blocks all access
Can you define a flag in the parent file define('IS_IN_SCRIPT',1);
and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
确定 PHP 中的 Referer
检查是否
$_SERVER['HTTP_REFERER']
在您的域(或可接受的域列表)中,如果不在,则重定向。
Determining Referer in PHP
Check if
$_SERVER['HTTP_REFERER']
is in your domain (or a list of acceptable domains)Then redirect if not.
您始终可以设置一些内容,以便如果未通过 GET 或 POST 传入特定参数,ajax 页面只会将您重定向到其他地方。
在 php 中,它看起来像
You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.
In php, it'd look like
$$ zoe_daemon
您需要“链接器”文件才能通过 AJAX 从父页面打开私有文件。
然后,“private”文件夹中的文件需要检查请求URI是否不包含字符串“private”;这对于想要直接私有文件的用户无效。
例如,如果将此代码放在要放置的操作代码之前,则无法直接访问名为“private”的文件夹中的“login.php”
$$ zoe_daemon
you need "linker" file to open private file from parent page via AJAX.
and then, file in "private" folder need to check if request URI is not contained string "private"; that is not valid to the user who want to directly private file.
for axample, "login.php" inside folder named "private" cannot be accessed directly if you put this code before operational code you want to put