php - I want HTACCESS to block only direct access to a specific file -

-

i have file don't want users able navigate on own accord. however, if click link sends them there, it's okay page work. have htaccess file set so. 

<files "success.php"> order allow,deny deny </files>

success.php name of file, , in directory of success.php, have following in htaccess file:

rewriterule /?\.htaccess$ - [f,l] rewriterule ^/?admin/paypal/success\.php$ - [f,l]

will users still able success.php if they're directed there, because know you're shown 403 error if try navigate there.

if case blocked being directed there, there way can fix this?

when type url "success.php" in browser's location bar , hit enter, browser sends request success.php.

when go website , click on link takes me "success.php", browser sends request success.php.

it's same, because click on link on site vs typing in browser, both requested same. when deny access, deny access. need check "referer" header, browsers can (optionally) include in request let webserver know url came from. referers can forged or omitted, checking referer isn't guarantee. 

rewriteengine on rewritecond %{http_referer} !^https?://example.com/ [nc] rewriterule ^admin/paypal/success\.php$ - [f,l]

so if loads page on "example.com" site (e.g. site) , clicks on link goes success.php page, they'll fine. other access anywhere else 403.


Comments

Post a Comment

Popular posts from this blog

java - WrongTypeOfReturnValue exception thrown when unit testing using mockito -

-
my test list<person> mylist; @test public void testisvalidperson() { mylist = new arraylist<person>(); mylist.add(new person("tom")); when(persondao.get(person)).thenreturn(mylist); when((persondao.get(person)).isempty()).thenreturn(false);//------exception thrown boolean result = service.isvalid("tom"); assertfalse(result); } method tested: public boolean isvalid(string person){ persondao = new persondao(); person personobj = new person(person); return (persondao.get(person).isempty())?false : true; } exception thrown: org.mockito.exceptions.misusing.wrongtypeofreturnvalue: boolean cannot returned get() get() should return list *** if you're unsure why you're getting above error read on. due nature of syntax above problem might occur because: 1. exception *might* occur in wrongly written multi-threaded tests. please refer mockito faq on limitations of concurrency testing. 2. sp
Read more

php - Magento - Deleted Base url key -

-
i working on cleaning url: http://mydomain.com/shop/shop/deals i going through settings in configuration tab in admin panel on magento , change secure , unsecure base urls remove first base url "shop" web page read: http://mydomain.com/shop/deals so changed unsecure base urls mydomain.com/shop mydomain.com , secure 12.345.67.89/shop 12.345.67.89. wrong thing do. i cannot reload page or admin console. how access these files through ftp , change correctly there?? when make changes in admin panel changes made in database not in file. have make changes in database. 1.go database , select core_config_data table under table find web/unsecure/base_url , web/secure/base_url . make changes here. don't forget clear cache in var/cache folder
Read more

android - How to disable Button if EditText is empty ? -

-
i have edittext , button in application. when button clicked,the text entered in edittext added listview. i want disable button if edittext empty.how ? this code button click imagebutton imb=(imagebutton)findviewbyid(r.id.btn_send); imb.setonclicklistener(new onclicklistener() { @override public void onclick(view arg0) { edittext et = (edittext)findviewbyid(r.id.edittext1); string str = et.gettext().tostring(); web1.add(str); toast.maketext(shoutsingleprogram.this, "you entered...."+str, toast.length_short).show(); adapter1.notifydatasetchanged(); et.settext(""); } }); } how can ? edittext1.addtextchangedlistener(new textwatcher() { @override public void ontextchanged(charsequence s, int start, int before, in
Read more