stop referrals

Posted on 2013-05-16
Last Modified: 2013-06-03
Before I try and spend ages to try and figure this out I thought I'd ask first.

My website uses index.php as the main page, all other pages are loaded in via ajax into divs on the main index.php page.

Is it possible using RewriteEngine to block access to everything (including images and php scripts) apart from if called from index.php?

Can anyone advise, before I spend ages trying to figure this out?
Question by:tonelm54
2 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 1000 total points
ID: 39172866
What about something in the site / folder definition like:

order allow,deny
<FilesMatch "^(index\.php)?$">
    allow from all
</FilesMatch>
LVL 26

Accepted Solution

by:arober11
arober11 earned 1000 total points
ID: 39198854
Yes, but you may need to look at the Apache access log to see what HTTP_REFERER is set on the Ajax calls, if any, then add something along the following lines to your httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_REFERER} !(yourdomain\.com|localhost) [NC]
RewriteRule .*      -                 [F,L]

If no HTTP_REFERER is set you'll need to use a cookie instead, and replace the Referer condition with a test to see if a cookie from your site is present e.g. a cookie named: mySitesCookie

RewriteEngine On
# Forbid anything other than index.php or / when the site cookie is absent
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_COOKIE}    !mySitesCookie=(.+)  [NC]
RewriteRule .*      -                 [F,L]

Note it's relatively easy for a bot script to forge and send either a fake HTTP header or cookie, so the above isn't foolproof.
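
Added example (not part of the thread or either expert's code): a dry run of the Referer rule from the accepted answer over access-log lines, to see which requests would receive a 403 before the rule goes into httpd.conf. The log lines are constructed, `yourdomain.com` is the answer's placeholder, and the anchored `REFERER_STRICT` pattern is an assumption added here for comparison.

```python
import re

# Apache combined log format; only the request path and Referer are captured.
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# The two RewriteCond patterns from the answer, with its placeholder domain.
URI_EXEMPT = re.compile(r'(index\.php|/)$', re.I)
REFERER_LOOSE = re.compile(r'(yourdomain\.com|localhost)', re.I)
# Assumed stricter variant (not from the thread): anchored to scheme and host.
REFERER_STRICT = re.compile(
    r'^https?://((www\.)?yourdomain\.com|localhost)(:\d+)?(/|$)', re.I
)


def would_forbid(path, referer, referer_re=REFERER_LOOSE):
    """True when both conditions hold, i.e. the RewriteRule would return 403."""
    referer = "" if referer == "-" else referer  # "-" in the log means no header
    return not URI_EXEMPT.search(path) and not referer_re.search(referer)


def dry_run(lines, referer_re=REFERER_LOOSE):
    """Return (path, referer, forbidden) for each parsable log line."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip lines in another format
        path = m["uri"].split("?", 1)[0]  # REQUEST_URI excludes the query string
        results.append((path, m["referer"], would_forbid(path, m["referer"], referer_re)))
    return results


# Constructed sample lines (documentation addresses, placeholder domain).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/May/2013:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/May/2013:10:00:01 +0000] "GET /pages/news.php?id=3 HTTP/1.1" 200 812 "http://yourdomain.com/index.php" "Mozilla/5.0"',
    '203.0.113.5 - - [16/May/2013:10:00:02 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [16/May/2013:10:05:00 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "http://other.example/?ref=yourdomain.com" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for label, pattern in (("loose", REFERER_LOOSE), ("strict", REFERER_STRICT)):
        for path, referer, forbidden in dry_run(SAMPLE_LOG, pattern):
            print(f"{label:6} {'403' if forbidden else 'ok ':3} {path} referer={referer}")
```

The third sample line is a same-visitor image request that carries no Referer and would be refused, and the fourth shows the unanchored pattern accepting a Referer from another site whose URL merely contains the domain string.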