Block direct access to .php but allow AngularJS $http requests

1
votes

Is there any way of blocking direct access to .php files in my ctrl foler, but allowing http requests from an Angular app? I have a .htaccess with 'Deny from all' in the ctrl folder at the moment which blocks access but it also blocks the Angular calls.

I imagine there isn't a way, but I'm not a whizz at PHP so I wanted to ask.

AngularJS

$http({
    method: 'POST',
    url: '/ctrl/login/login.php',
    headers: {'Content-Type': 'application/x-www-form-urlencoded'},
    data: credentials
})
1
phpangularjs.htaccess
Have you tried to search the web for "API Auth"? There are a lot of approaches that deal with secure a web API. E.g. token auth or simple use same origin policy.lin
I'm looking for something more general rather than login specific.Chris Wickham
same origin policy.lin
I wonder what you are actually trying to achieve?user125661
do you want to allow only internal requests from your host?Mohammed Elhag

1 Answers

1
votes

I don't believe there is. In fact, an http request to these .php files from an angular app is nothing more than 'a direct access to .php files'. If the angular app (which lives client-side) could do the request, the client itself could do the request as well.