stop direct access (.htaccess) and allow ajax request to subfolder

Question

I am trying to stop direct access to a subdirectories and the php files within subdirectories. I\'ve added the following code below to the .htaccess file within the subdirec

Answer 1

Put this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

## disable direct access (but allow internal or AJAX requests)
RewriteCond %{HTTP_REFERER} !^$ 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/ [NC] 
RewriteRule ^subdir(/|$) - [F,NC]

Replace www.domain.com by your own domain name.

Note that this uses %{HTTP_REFERER} header to do this blocking and it is possible to manipulate this header value.