I want to prevent the access shown in the picture below, but I don’t know how to set it up in apache
伊谢尔伦2017-05-16 17:05:48
You can restrict directory access
<Directory /var/www/html>
AllowOverride None
order deny,allow
deny from all
Allow from ip
</Directory>
or php_flag engine off
disable parsing php
But Ajax is for API access, add token verification as mentioned above
为情所困2017-05-16 17:05:48
If the script will not receive external requests, just Forbidden(403) directly in the web server, otherwise
Please refer to
/q/1010000000525855
@Windoze’s answers and comments
黄舟2017-05-16 17:05:48
Have done similar workWEB Server
为APP
providing interfaces.
For the solution proposed by the poster in the title (use apache
禁止),一开始就 是错误的思路 把问题想复杂了。像这样的需求,在php
文件里判断就行了,而真正达到99.99%安全的,就只能是两方通信带上认证(稍复杂,参见/q/1010000000525855)或者token
(it is relatively convenient to implement, see the one-time password verification of WEB Server+APP communication API).