Jump to content

Deny direct access


Utherr12

Recommended Posts

I want to deny any direct access (eg: typing the address in the browser) to a folder on my website. This folder contains all my scripts, but I want these scripts or folder to be accessible only by the PHP/Ajax scripts.How do i do this? I heard it's with a robots.txt file, but I have no ideea how to build one.

Link to comment
Share on other sites

The easiest way to do that is just to place the files outside of the web root. Of course, this will stop XMLHttpRequest-style requests from accessing the scripts as well, as that request is made over HTTP from the client as well.robots.txt is just for stopping search engines from indexing pages.

Link to comment
Share on other sites

so there's no way to do this? There has to be, maybe a php trick ?For example if http request is made using POST all i have to do on the script page is to check the existence of the POST variable, if it doesn't exist the script doesn't do anything.Is this method ok ?

Link to comment
Share on other sites

You could do that... but anyone can submit a post request anyway. An AJAX-style request is direct access.

Link to comment
Share on other sites

yes, but they can't do it from another domain, they have to do the request from the same domaine (eg: mine). So they can't send a POST request (it's simple with GET, but i will only use POST).

Link to comment
Share on other sites

What's to stop them just writing their own JS on your page? Anyway, it is trivially possible to forge a POST request and send it, and your website can't tell the difference.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...