Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 160
  • Last Modified:

stop referals

Before I try and spend ages to try and figure this out I thought Id ask first.

My website uses index.php as the main page, all other pages are loaded in via ajax into divs on the main index.php page.

Is it possible using RewriteEngine to block access to everything (including images and php scripts) apart from if called from index.php

Can anyone advise, before I spend ages trying to figure this out?
0
tonelm54
Asked:
tonelm54
2 Solutions
 
edster9999Commented:
What about something in the site / folder definition like :

order allow,deny
<FilesMatch "^(index\.php)?$">
    allow from all
</FilesMatch>
0
 
arober11Commented:
Yes, but you may need to look at the Apache access log to see what HTTP_REFERER is set on the Ajax calls, if any, then add something along the following lines to your httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_REFERER} !(yourdomain\.com|localhost) [NC]
RewriteRule .*      -                 [F,L]

Open in new window


If no HTTP_REFERER is set you'll need to use a cookie instead, and replace the Referer condition with a test to see if a cookie from your site is present e.g. a cookie named: mySitesCookie

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_COOKIE}    mySitesCookie=(.+)  [NC]
RewriteRule .*      -                 [F,L]

Open in new window


Note it's relatively easy for a bot script to forge and send either a fake http header or cookie, so the above isn't fool proof.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now