问题
i know this has been answered lots on SO but i still have a question - i am using the cforms plugin in Wordpress and i've given it the url of a form handler page and i want to block direct access to this allowing only cforms - i've tried everything i've come across including file permissions and putting the file outside the root though everything that blocks the file to direct access also seems to block it from cforms ..... so i assume they're reading it as a browser would .... so i figure i'll need to block it from everybody except requests coming from my webserver (using htacesss) ..... but i am on a shared server and i dont want to leave it open to attack from the other domains on i share with .... so my question is this - can i target my domain specifically in htaccess using "allow" ?
thanks
ps this is my first time on SO so apologies if i havent searched hard enough etc
回答1:
Since forms (and therefor also cforms) are submitted via a browser, you can't completely block browser requests to those files.
What you could do however is block requests that are not POST requests, since forms are normally posted. You can check in .htaccess if the request is a POST request, see
Using RewriteRule in .htaccess for POST request
来源:https://stackoverflow.com/questions/6335231/prevent-brower-access-to-a-form-handler-php-file