i know this has been answered lots on SO but i still have a question - i am using the cforms plugin in Wordpress and i've given it the url of a form handler page and i want to block direct access to this allowing only cforms - i've tried everything i've come across including file permissions and putting the file outside the root though everything that blocks the file to direct access also seems to block it from cforms ..... so i assume they're reading it as a browser would .... so i figure i'll need to block it from everybody except requests coming from my webserver (using htacesss) ..... but i am on a shared server and i dont want to leave it open to attack from the other domains on i share with .... so my question is this - can i target my domain specifically in htaccess using "allow" ?
thanks
ps this is my fi开发者_如何学Crst time on SO so apologies if i havent searched hard enough etc
Since forms (and therefor also cforms) are submitted via a browser, you can't completely block browser requests to those files.
What you could do however is block requests that are not POST
requests, since forms are normally posted. You can check in .htaccess
if the request is a POST
request, see
Using RewriteRule in .htaccess for POST request
精彩评论