拒绝访问目录中的.htaccess [英] Deny access to directory with .htaccess

问题描述

我想通过.htaccess文件这样的保护目录，并在它的PHP文件，直接从网络访问：

I want to protect a directory and the php files in it, from direct web access through an .htaccess file like this:

IndexIgnore *
<Files ~ "\.(php)$">
  order allow,deny
  deny from all
</Files>

但我希望能够给Ajax请求的一个JavaScript文件发送给那些PHP文件的获取结果。这可能吗？

but I want to be able to send ajax requests from a javascript file to those php files an get a result. Is this possible?

推荐答案

您可以只允许后请求。从错误code中的浏览器访问结果页面，而是来自阿贾克斯的作品发布。请参见这里。

You can only allow POST-requests. Accessing the page from the browser results in an error code, but posting from ajax works. See here.

注：此资格作为安全通过模糊。如果有人看你的JavaScript，他们将了解如何让页面的结果。

Note: this qualifies as security through obscurity. If someone looks at your javascript, they'll find out how to get the page results.

这篇关于拒绝访问目录中的.htaccess的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！