Prevent external access to PHP scripts but allow AJAX

Question

I\'ve read a lot about .htaccess rules, checking headers, using encryption etc.. but I haven\'t found exactly the answer I\'m after. I know that assuming the server is set up ri

Answer 1

Try to catch if isset SERVER['HTTP_ORIGIN'] from the POST access, it must be identical to your domain. If so, then the POST is generated by yourselft website and it's safe to process it.