Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vladislav Shkaev2016-04-17 16:08:50
Nginx
Vladislav Shkaev, 2016-04-17 16:08:50

How to close directory access except for XMLHttpRequest requests?

Access to the /core/ directory and all files inside the directory is closed. From the browser we submit to 403, everything is ok.

location ~* ^/core/ {
    deny	 all;
  }

access to files via XMLHttpRequest request is also closed (
Question: how to allow access to files in a package, for example /core/ajax/search.php only for XMLHttpRequest request
The task is to protect the entire core folder, and not specifically the /core/ajax/ folder, not willing remove ajax folder from core

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
C
Cat Anton, 2016-04-17
@proxid

You won't protect yourself from anyone. An attacker can also send XHR.

Similar questions
E
Eugene2013-12-03 16:37:53
Is it possible to force the browser not to check the validity of the cache? 2Reply
I
ins0mnia2020-07-17 10:29:38
Strange redirect, not an application, not a web server. Redirect on the web? 0Reply
I
icell762020-07-18 10:09:27
How to make access to the site directory by the name of the provider? 1Reply
M
Meridian3122013-12-08 13:31:48
How to redirect an authorized user to your home directory? 1Reply
A
Alexander Mekhonoshin2013-12-09 01:29:17
How to get passed data using PUT/DELETE methods through nginx? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question