Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vladislav Shkaev2016-04-17 16:08:50
Nginx
Vladislav Shkaev, 2016-04-17 16:08:50

How to close directory access except for XMLHttpRequest requests?

Access to the /core/ directory and all files inside the directory is closed. From the browser we submit to 403, everything is ok.

location ~* ^/core/ {
    deny	 all;
  }

access to files via XMLHttpRequest request is also closed (
Question: how to allow access to files in a package, for example /core/ajax/search.php only for XMLHttpRequest request
The task is to protect the entire core folder, and not specifically the /core/ajax/ folder, not willing remove ajax folder from core

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
C
Cat Anton, 2016-04-17
@proxid

You won't protect yourself from anyone. An attacker can also send XHR.

Similar questions
X
xonar2020-01-07 11:29:56
How to show your portfolio? 2Reply
S
SimBioT192017-04-17 00:40:05
Is it possible that this is DDoS and how to deal with it? 3Reply
N
nutkatuz2021-04-01 21:01:20
Why does the postman respond intermittently, but the front is always cool? 0Reply
V
VITYA-XY12019-09-19 19:58:45
How to compose subdomain rewrite with regex on nginx? 1Reply
S
santared2019-09-19 21:30:29
How to create whitelist on iptables if i use cloudflare? 4Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question