php - stop direct access (.htaccess) and allow ajax request to subfolder

Question

I am trying to stop direct access to a subdirectories and the php files within subdirectories. I've added the following code below to the .htaccess file within the subdirectories, however now the AJAX request are not working.

How can I stop access to www.example.com/subdir, but allow jQuery load & ajax functions to work?

Options -Indexes
order   allow,deny
deny    from all

Thank You

Answer 1

I would put apache directives aside, and -perhaps- focus on a php-based solution:

1. Make sure your file containing the jquery ajax call has a ".php" extension. (of course inside that file, all jquery must be contained within <script> and </script> tags.

2. Inside your jquery function just before the ajax call, type that:

   <?php $_SESSION["allow"] = "granted" ?>

   (php tags run even if they are contained in "script" tags)

3. Open your ajax (php) file and at the very top type this:

<?php
 session_start();
 if((!isset($_SESSION['allow'])) && ($_SESSION['allow']!="granted")){die();}else
 unset($_SESSION['allow']);

 (...rest of your php code here...)

?>

... and you are Done!

P.S. Naturally, you may (or better: should) rename the sessions and give them different or more complex values, but I was just trying to point out the basic idea... Happy coding!