使用 .htaccess 阻止对 AJAX 目录的访问
可能的重复:
使用 htaccess 拒绝 ajax 文件访问
我有一个目录“AJAX”,其中包含所有内容我的 AJAX 内容是无格式的,如果你直接点击页面的话会很丑。如何阻止某人点击 http://www.site.com/AJAX/page1.php 与 .htaccess 文件?
Possible Duplicate:
Deny ajax file access using htaccess
I have a directory "AJAX" that has all my well AJAX content it is unformatted and ugly if you hit the pages directly. How do I stop someone from hitting http://www.site.com/AJAX/page1.php with the .htaccess file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您确实不想使用
.htaccess来阻止对内容的访问,因为您仍然需要能够从应用程序访问此内容。如果您觉得阻止人们直接加载此内容非常重要,您可以通过单个 php 页面路由所有流量,例如:
然后在 ajax.php 中,您可以限制对此内容的访问仅限 HTTP post 以及可能通过其他方式,例如独特的代币。就像在引用页面中一样,创建一个唯一的令牌 123,然后使用 url:
http ://www.site.com/ajax.php?content=page1&token=123
并且仅在令牌仍缓存在内存中时才提供文件。
虽然这会起作用,但我不明白有什么意义。如果有人想加载该页面,谁在乎呢。您无法阻止他们访问内容,因为您需要它来运行应用程序 - 他们始终可以从浏览器缓存或使用本地 http 代理获取内容。
You don't really want to use
.htaccessto block access to the content since you still need to be able to access this content from your application.If you feel it's that important to keep people from directly loading this content you can route all traffic through a single php page like:
and then in ajax.php you can restrict access to this content to only HTTP post and possibly through other means, like unique tokens. Like in the referring page create a unique token 123 and then use the url:
http://www.site.com/ajax.php?content=page1&token=123
and only serve the file if the token is still cached in memory.
While this will work, I don't see the point. If someone wants to load that page, who cares. You can't prevent them from accessing the content since you need it to run your application--they can always get it from browser cache or using a local http proxy.