问题
I want to protect a directory and the php files in it, from direct web access through an .htaccess file like this:
IndexIgnore *
<Files ~ "\.(php)$">
order allow,deny
deny from all
</Files>
but I want to be able to send ajax requests from a javascript file to those php files an get a result. Is this possible?
回答1:
You can only allow POST-requests. Accessing the page from the browser results in an error code, but posting from ajax works. See here.
Note: this qualifies as security through obscurity. If someone looks at your javascript, they'll find out how to get the page results.
来源:https://stackoverflow.com/questions/9953913/deny-access-to-directory-with-htaccess