Abraham A. Abraham A. - 11 months ago 55
Ajax Question

htaccess require host domain not working correctly

I have a folder full of folders with json files. I want to restrict AJAX requests to these files to certain domains.

I made an htaccess file to restrict this but it isn't work. My htaccess is as follows:

<FilesMatch "\.json$">
Require host thedomain.com
Require host thehurts.com

This is blocking everyone, including myself.

I read that
Require local
gives myself access but that didn't work when I added it.

if I add
Require all granted
I have access and can AJAX to the files from other domains but that also gives access to everyone on the internet, which is what I don't want.

Any ideas?

Answer Source

What you need is to limit it from the source.

You should be able to set environment variables for referring domains and then include that in the rule. Then you can do by IP address to limit it coming from the server or your IP address also.

    SetEnvIf Referer "example\.com" localreferer
    SetEnvIf Referer "example2\.com" localreferer2

    <FilesMatch "\.json$">
        Require env localreferer
        Require env localreferer2
        Require ip x.x.x.x #your ip address
        Require ip #localhost
        Requite ip x.x.x.x #replace with your local server IP. 

See if that helps.