tags:

views:

18

answers:

1
+1  Q: 

restrict direct linking to AJAX pages in a certain directory

I don't want to allow people to go directly to the pages in the AJAX directory but they still need to be served from their parent page. I have tried numerous .htaccess lines but they all block it from the main page as well. to sum up, I dont want people to be able to type in http://www.mysite.com/AJAX/page1.html and view it but page1.html needs to be brought into its parent page via AJAX.

<LIMIT GET POST>
Order deny, allow
deny from all
</LIMIT>

blocks all access

Can you define a flag in the parent file define('IS_IN_SCRIPT',1); and check for it in the AJAX pages? will that work with AJAX pages or only PHP includes?

A: 

You could always set up something so that if a particular argument isn't passed in via GET or POST, the ajax page will just redirect you elsewhere.

In php, it'd look like

if(!isset($_POST['some_var']))
  header('Location: somePage.html');
Sam Dufel  2010-10-27 01:39:09
How would I ad that here? $("ul#yearMenu li a").live('click',function(e) { e.preventDefault(); var $parent = $(this).parent(); $parent.addClass("selected").siblings().removeClass("selected"); var href = $(this).attr('href'); $("#tableContent").load(href); });
Dirty Bird Design  2010-10-27 02:19:31
Oh, I was thinking that it'd be better to do the check in php or some other server-side language. It's iffy trying to read post/get arguments from javascript.
Sam Dufel  2010-10-27 02:25:16
so would my scheme of adding the header to the main page and checking for it on the AJAX pages be apropriate? Im calling the pages via jquery .load function
Dirty Bird Design  2010-10-27 02:26:49
Can you help me a little more with the code? on the parent page I would have <?php $_POST['foo'];?> and on the AJAX pages would have <?php if(!isset($_Post['foo'])) header('Location:403.php')'?> correct?
Dirty Bird Design  2010-10-27 02:50:38
I have it working to where if you hit the AJAX page url directly it redirects, but its not bringing in the AJAX page when you click the link now
Dirty Bird Design  2010-10-27 02:54:08
Ah, no - to set the post variable, you have to send it via your ajax function - if it's easier, you can just use a GET instead and append a ?fo0=something to the end of the url of the ajax file
Sam Dufel  2010-10-27 20:56:37

related questions

Encryption in C# Web-Services
How Do You Secure database.yml?
ASP.NET LocationProvider
What do you (or your company) use for wiping a machine?
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
Java: What is the best way to SFTP a file from a server
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Best way to store a database password in a startup script / config file?
Using VM to get around VPN restrictions
Best references for secure coding practices in ASP.NET and classic ASP.
Secure Memory Allocator in C++
Resolving Session Fixation in JBoss
Best Practices for securing a REST API / web service
Defensive programming
Personal Linux web server
Block user access to internals of a site using HTTP_REFERER
Is there an Unobtrusive Captcha for web forms?
My website got hacked... What should I do?
What all do I need to escape when sending a (My)SQL query?
How do you disable browser Autocomplete on web form field / input tag?
Best .NET obfuscation tools/strategy
Are there best practices for testing security in an Agile development shop?
What is the best way to avoid SQL injection attacks?
Found a critical bug, but the company doesn't care
PHP Session Security