----------------------------------- nonamedude Wed May 25, 2011 2:17 pm .htacess ----------------------------------- Hey guys, I want to prevent users who dont have a link to a certain file from accessing it. So far I have tried doing this, order allow,deny deny from all So when I do this, it blocks all users even if they have a link to it. So I am just wondering what I have to put in my htaccess file so that users that do not have a link to delete_comments.php cannot access it. ----------------------------------- Amailer Wed May 25, 2011 2:32 pm RE:.htacess ----------------------------------- Are you trying to stop hotlinking? http://altlab.com/htaccess_tutorial.html I assume that's the case, otherwise I'm a bit confused. If someone does not have a link to a file; how can they access it in the first place (they don't know it exists)? ----------------------------------- nonamedude Fri May 27, 2011 10:14 am Re: .htacess ----------------------------------- If the people who do not have a link to the file, they can find links in my source code by pressing "view source code". I just want to prevent people from browsing using URL's. Is there a way to do this? ----------------------------------- Tony Fri May 27, 2011 10:35 am RE:.htacess ----------------------------------- How is the link from the source file different from the link obtained else-how? ----------------------------------- Amailer Fri May 27, 2011 10:37 am RE:.htacess ----------------------------------- I assume this is an AJAX request to the delete_comment.php correct? If so check out: http://www.electrictoolbox.com/how-to-tell-ajax-request-php/ [Edit] Check out http://stackoverflow.com/questions/3466802/deny-ajax-file-access-using-htaccess for a possible .htaccess solution ----------------------------------- nonamedude Fri May 27, 2011 11:05 am Re: .htacess ----------------------------------- "How is the link from the source file different from the link obtained else-how?" Meaning that on my website, certain users have certain privleges. Those who have the highest priveleges have a link to acess to the delete_comment.php. So they can actually acess the file through the website, and not by changing the URL. ----------------------------------- nonamedude Fri May 27, 2011 11:06 am Re: .htacess ----------------------------------- And I am not using ajax to delete comments, it is just reloading the entire page again. ----------------------------------- Tony Fri May 27, 2011 11:13 am RE:.htacess ----------------------------------- Typically delete_comment.php would check if the current user is logged in and has proper privileges. If so, proceed; else return.