Solved

stop referals

Posted on 2013-05-16
2
155 Views
Last Modified: 2013-06-03
Before I try and spend ages to try and figure this out I thought Id ask first.

My website uses index.php as the main page, all other pages are loaded in via ajax into divs on the main index.php page.

Is it possible using RewriteEngine to block access to everything (including images and php scripts) apart from if called from index.php

Can anyone advise, before I spend ages trying to figure this out?
0
Comment
Question by:tonelm54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 250 total points
ID: 39172866
What about something in the site / folder definition like :

order allow,deny
<FilesMatch "^(index\.php)?$">
    allow from all
</FilesMatch>
0
 
LVL 26

Accepted Solution

by:
arober11 earned 250 total points
ID: 39198854
Yes, but you may need to look at the Apache access log to see what HTTP_REFERER is set on the Ajax calls, if any, then add something along the following lines to your httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_REFERER} !(yourdomain\.com|localhost) [NC]
RewriteRule .*      -                 [F,L]

Open in new window


If no HTTP_REFERER is set you'll need to use a cookie instead, and replace the Referer condition with a test to see if a cookie from your site is present e.g. a cookie named: mySitesCookie

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_COOKIE}    mySitesCookie=(.+)  [NC]
RewriteRule .*      -                 [F,L]

Open in new window


Note it's relatively easy for a bot script to forge and send either a fake http header or cookie, so the above isn't fool proof.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I am discussing AJAX problems in IE7 and I bet this will helps many guys out here who have problems with AJAX work. Lets start with the discovery of problem and then we will talk about its different solutions. My last two projects included …
jQuery is a JavaScript library that greatly simplifies JavaScript programming. AJAX is an acronym formed from "Asynchronous JavaScript and XML."  AJAX refers to any communication between client and server, when the human client does not observe a…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question