Solved

stop referals

Posted on 2013-05-16
2
154 Views
Last Modified: 2013-06-03
Before I try and spend ages to try and figure this out I thought Id ask first.

My website uses index.php as the main page, all other pages are loaded in via ajax into divs on the main index.php page.

Is it possible using RewriteEngine to block access to everything (including images and php scripts) apart from if called from index.php

Can anyone advise, before I spend ages trying to figure this out?
0
Comment
Question by:tonelm54
2 Comments
 
LVL 20

Assisted Solution

by:edster9999
edster9999 earned 250 total points
ID: 39172866
What about something in the site / folder definition like :

order allow,deny
<FilesMatch "^(index\.php)?$">
    allow from all
</FilesMatch>
0
 
LVL 26

Accepted Solution

by:
arober11 earned 250 total points
ID: 39198854
Yes, but you may need to look at the Apache access log to see what HTTP_REFERER is set on the Ajax calls, if any, then add something along the following lines to your httpd.conf:

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_REFERER} !(yourdomain\.com|localhost) [NC]
RewriteRule .*      -                 [F,L]

Open in new window


If no HTTP_REFERER is set you'll need to use a cookie instead, and replace the Referer condition with a test to see if a cookie from your site is present e.g. a cookie named: mySitesCookie

RewriteEngine On
RewriteCond %{REQUEST_URI}     !(index\.php|/)$  [NC]
RewriteCond %{HTTP_COOKIE}    mySitesCookie=(.+)  [NC]
RewriteRule .*      -                 [F,L]

Open in new window


Note it's relatively easy for a bot script to forge and send either a fake http header or cookie, so the above isn't fool proof.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
HHTP and HTTPS redirect question 3 122
advertisement module in core php 4 169
Bootstrap Datable Spinner 3 61
Ajax and PHP 9 29
jQuery is a JavaScript library that greatly simplifies JavaScript programming. AJAX is an acronym formed from "Asynchronous JavaScript and XML."  AJAX refers to any communication between client and server, when the human client does not observe a…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question