Apache prohibits users from accessing certain files in browser URLs
I want to prevent the access shown in the picture below, but I don’t know how to set it up in apache
I want to prevent the access shown in the picture below, but I don’t know how to set it up in apache
伊谢尔伦2017-05-16 17:05:48
You can restrict directory access
<Directory /var/www/html>
AllowOverride None
order deny,allow
deny from all
Allow from ip
</Directory>
or php_flag engine offdisable parsing php
But Ajax is for API access, add token verification as mentioned above
为情所困2017-05-16 17:05:48
If the script will not receive external requests, just Forbidden(403) directly in the web server, otherwise
Please refer to
/q/1010000000525855
@Windoze’s answers and comments
黄舟2017-05-16 17:05:48
Have done similar workWEB Server为APPproviding interfaces.
For the solution proposed by the poster in the title (use apache禁止),一开始就 是错误的思路 把问题想复杂了。像这样的需求,在php文件里判断就行了,而真正达到99.99%安全的,就只能是两方通信带上认证(稍复杂,参见/q/1010000000525855)或者token (it is relatively convenient to implement, see the one-time password verification of WEB Server+APP communication API).