禁止使用.htaccess EXCEPT for XMLHttpRequest访问php文件(文件夹) [英] Prevent access to php files (folder) with .htaccess EXCEPT for XMLHttpRequest
问题描述
我有一个文件夹 www.mysite.com/page/panel/soascripts /
,其中有10个不同的PHP文件。
我想防止访问文件夹 soascripts 及其中的php文件。除了 X-Requested-With = XMLHttpRequest
(用于ajax)。 htaccess有可能吗?
I have a folder www.mysite.com/page/panel/soascripts/
where there are 10 different PHP files.
I want to prevent access to the folder soascripts and the php files in it. Except X-Requested-With = XMLHttpRequest
(for ajax). Is this possible with htaccess?
推荐答案
在soascripts文件夹中的htaccess文件中:
In the htaccess file in your soascripts folder:
RewriteEngine On
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteRule \.php$ - [L,F]
所以没有
X-Requested-With: XMLHttpRequest
请求标头,响应将被禁止为403。
request header, the response will be a 403 forbidden.
编辑:
如果要将规则添加到文档根目录,则只需要包括以下路径:
If you want to add the rules to the document root, you just need to include the path:
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest
RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$
RewriteRule ^page/panel/soascripts/[^/.]+\.php$ - [L,F]
请确保在任何类型的路由规则之前( 之前添加它(例如将内容发送到 index.php
)。
Make sure to add it before any type of routing rules (like stuff being sent to index.php
).
这篇关于禁止使用.htaccess EXCEPT for XMLHttpRequest访问php文件(文件夹)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!