Menu
I want to limit the access for some pages in my web site. I have some BL pages in PHP and I want to limit thier access to only internal access.
I mean that I want that these pages will be denied if the user type them in the browser, but will be accessible if another PHP page will call them (with POST or GET requests).
Is it possible to do that in the .htaccess file? If it is, how?
553
Just to clarify, the php page isn't the one sending POST or GET request, it's the browser, which means you can't block by IP. So you need to be checking against the referer here. Problem with that is the referer can be easily forged so this is no guarantee that you'll be denying access.
You can check the referer using the %{HTTP_REFERER} variable in mod_rewrite and then use the F flag to deny access:
RewriteEngine On
# if the request's referer isn't from a php page on your site
RewriteCond %{HTTP_REFERER} !^https?://your-domain.com/.*\.php
# deny access to the list of php files
RewriteRule ^(path/to/protected.php|path/another_protected.php|images/protected.png)$ - [L,F]
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
