我想通过.htaccess文件这样的保护目录,并在它的PHP文件,直接从网络访问:
I want to protect a directory and the php files in it, from direct web access through an .htaccess file like this:
IndexIgnore *
<Files ~ ".(php)$">
order allow,deny
deny from all
</Files>
但我希望能够给Ajax请求的一个JavaScript文件发送给那些PHP文件的获取结果。这可能吗?
but I want to be able to send ajax requests from a javascript file to those php files an get a result. Is this possible?
您可以只允许后请求。从错误code中的浏览器访问结果页面,而是来自阿贾克斯的作品发布。请参见这里。
You can only allow POST-requests. Accessing the page from the browser results in an error code, but posting from ajax works. See here.
注:此资格作为安全通过模糊。如果有人看你的JavaScript,他们将了解如何让页面的结果。
Note: this qualifies as security through obscurity. If someone looks at your javascript, they'll find out how to get the page results.