Prevent external access to PHP scripts but allow AJAX

Question

I\'ve read a lot about .htaccess rules, checking headers, using encryption etc.. but I haven\'t found exactly the answer I\'m after. I know that assuming the server is set up ri

Answer 1

You can check whether the request isn't an Ajax request and forbid it, but it's not really safe due to the fact that the headers can be manipulated.

What you can do is to block every IP except the IP which is allowed to access those files.

What can do either is do implement a kind of authentication, where external applications have to send credentials to your script and the scripts checks if the client is valid.

Many ways, but they're all not really the best ways to achieve maximum security.