Jump to content

Deny direct access


Utherr12
 Share

Recommended Posts

I want to deny any direct access (eg: typing the address in the browser) to a folder on my website. This folder contains all my scripts, but I want these scripts or folder to be accessible only by the PHP/Ajax scripts.How do i do this? I heard it's with a robots.txt file, but I have no ideea how to build one.

Link to comment
Share on other sites

The easiest way to do that is just to place the files outside of the web root. Of course, this will stop XMLHttpRequest-style requests from accessing the scripts as well, as that request is made over HTTP from the client as well.robots.txt is just for stopping search engines from indexing pages.

Link to comment
Share on other sites

so there's no way to do this? There has to be, maybe a php trick ?For example if http request is made using POST all i have to do on the script page is to check the existence of the POST variable, if it doesn't exist the script doesn't do anything.Is this method ok ?

Link to comment
Share on other sites

What's to stop them just writing their own JS on your page? Anyway, it is trivially possible to forge a POST request and send it, and your website can't tell the difference.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...