If the script will not receive external requests, just Forbidden(403) directly in the web server, otherwise
Please refer to /q/1010000000525855 @Windoze’s answers and comments
Have done similar workWEB Server为APPproviding interfaces.
For the solution proposed by the poster in the title (use apache禁止),一开始就 是错误的思路 把问题想复杂了。像这样的需求,在php文件里判断就行了,而真正达到99.99%安全的,就只能是两方通信带上认证(稍复杂,参见/q/1010000000525855)或者token (it is relatively convenient to implement, see the one-time password verification of WEB Server+APP communication API).
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
You can restrict directory access
or
php_flag engine offdisable parsing phpBut Ajax is for API access, add token verification as mentioned above
If the script will not receive external requests, just Forbidden(403) directly in the web server, otherwise
Please refer to
/q/1010000000525855
@Windoze’s answers and comments
Have done similar work
WEB Server为APPproviding interfaces.For the solution proposed by the poster in the title (use
apache禁止),一开始就是错误的思路把问题想复杂了。像这样的需求,在php文件里判断就行了,而真正达到99.99%安全的,就只能是两方通信带上认证(稍复杂,参见/q/1010000000525855)或者token(it is relatively convenient to implement, see the one-time password verification of WEB Server+APP communication API).