Prevent browser access to a form handler PHP file


Problem description

I know this has been answered lots on SO but I still have a question - I am using the cforms plugin in WordPress and I've given it the URL of a form handler page and I want to block direct access to this, allowing only cforms - I've tried everything I've come across, including file permissions and putting the file outside the root, though everything that blocks the file to direct access also seems to block it from cforms ..... so I assume they're reading it as a browser would .... so I figure I'll need to block it from everybody except requests coming from my webserver (using htaccess) ..... but I am on a shared server and I don't want to leave it open to attack from the other domains I share it with .... so my question is this - can I target my domain specifically in htaccess using "allow"?

Thanks

PS: this is my first time on SO, so apologies if I haven't searched hard enough, etc.

Recommended answer

Since forms (and therefore also cforms) are submitted via a browser, you can't completely block browser requests to those files.

What you could do, however, is block requests that are not POST requests, since forms are normally posted. You can check in .htaccess if the request is a POST request; see Using RewriteRule in .htaccess for POST request (http://stackoverflow.com/questions/2067393/using-rewriterule-in-htaccess-for-post-request).
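
The method check described in the answer, written out as an added example (not part of the original answer or of cforms): an .htaccess fragment placed in the same directory as the handler. The file name `form-handler.php` is a placeholder, and mod_rewrite is assumed to be enabled on the shared host.

```apache
# Added example. "form-handler.php" is a placeholder name for the
# form handler script; this .htaccess sits in the handler's directory.
RewriteEngine On

# Match every request whose HTTP method is not exactly POST
# (a plain browser visit to the URL is a GET).
RewriteCond %{REQUEST_METHOD} !=POST

# For those requests to the handler, stop and return 403 Forbidden.
# In per-directory context the pattern is matched against the path
# relative to this directory, so no leading slash is used.
RewriteRule ^form-handler\.php$ - [F,L]

# This filters on the request method only: form submissions (POST)
# still reach the script, from cforms or from any other sender, so
# input validation inside the handler is still needed.
```

With this in place, opening the handler URL directly in a browser returns 403, while the POST sent by the form is passed through to the script.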
