0

I have a index.php file that needs to access the folder "login", in order to get to the file "messages.json". The folder "login" is protected by a .htaccess that deny's everything. index.php needs to access login/messages.json, but is denied from accessing it (403).

I need to know how to set up my .htaccess to allow just my index.php to access login/messages.json, yet deny access from everything else.

Linux freeweb5.byetcluster.com 2.6.32-896.16.1.lve1.4.54.el6.x86_64 #1 SMP Wed May 2 07:43:19 EDT 2018 x86_64

Apache 2.0 Handler

PHP Version 7.3.6

I've tried to set up valid-user with the file, but it just didn't work. I would constantly get a 500 error and I couldn't figure out the issue.

My .htaccess file consists of just this:

deny from all

The php file that requests the file uses JQuery to do so, this being the ajax request:

$.ajax({url: 'login/messages.json', dataType: 'json', ifModified: true, timeout: 2000, success: function(messages, status){function_here}});
Improve this question

1 Answer 1

Reset to default
1

change your .htaccess

Deny from all
<FilesMatch messages\.json>
        Allow from all
</FilesMatch>

Your php file not request the messages.json! the browser of the client do because u are using Ajax.

You need allow http request to messages.json and deny access to all files.

Improve this answer
2
  • The issue with this is, a user can still view messages.json It needs to be that ONLY the php file can view messages.json. Not everyone.
    – Chad Hendrixs
    Commented Sep 13, 2019 at 3:10
  • If you use Ajax the browser (user) need accesos to the file. Dont use ajax, use file_get_contents to load the file content and json_decode to convert the content in object or array
    – Manuel Panizzo
    Commented Sep 13, 2019 at 10:52

Not the answer you're looking for? Browse other questions tagged or ask your own question.