Utherr12 Posted February 11, 2011 Share Posted February 11, 2011 I want to deny any direct access (eg: typing the address in the browser) to a folder on my website. This folder contains all my scripts, but I want these scripts or folder to be accessible only by the PHP/Ajax scripts.How do i do this? I heard it's with a robots.txt file, but I have no ideea how to build one. Link to comment Share on other sites More sharing options...
Synook Posted February 11, 2011 Share Posted February 11, 2011 The easiest way to do that is just to place the files outside of the web root. Of course, this will stop XMLHttpRequest-style requests from accessing the scripts as well, as that request is made over HTTP from the client as well.robots.txt is just for stopping search engines from indexing pages. Link to comment Share on other sites More sharing options...
Utherr12 Posted February 11, 2011 Author Share Posted February 11, 2011 so there's no way to do this? There has to be, maybe a php trick ?For example if http request is made using POST all i have to do on the script page is to check the existence of the POST variable, if it doesn't exist the script doesn't do anything.Is this method ok ? Link to comment Share on other sites More sharing options...
Synook Posted February 11, 2011 Share Posted February 11, 2011 You could do that... but anyone can submit a post request anyway. An AJAX-style request is direct access. Link to comment Share on other sites More sharing options...
Utherr12 Posted February 12, 2011 Author Share Posted February 12, 2011 yes, but they can't do it from another domain, they have to do the request from the same domaine (eg: mine). So they can't send a POST request (it's simple with GET, but i will only use POST). Link to comment Share on other sites More sharing options...
Synook Posted February 12, 2011 Share Posted February 12, 2011 What's to stop them just writing their own JS on your page? Anyway, it is trivially possible to forge a POST request and send it, and your website can't tell the difference. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.