
First off, my terminology is probably wrong, but when I hear "direct access" I think someone means that anyone has read privileges to a file from the URL. Is my understanding of what "direct access" means correct?

I'm using htaccess to prevent direct access to the following directory (the HTTP directory is DocumentRoot /var/www/public_html):

<Directory /var/www/public_html/indirect_access/>
        AuthType Basic
        AuthName "Restricted Access"
        AuthUserFile /passwords/me
        Require user me
</Directory>

I have two files:

/var/www/public_html/indirect_access/indirect.php

<?php echo 'hi'; ?>

/var/www/public_html/direct.php

<?php include('indirect_access/indirect.php'); ?>

When someone goes to www.mysite.com/direct.php, the browser prints 'hi'. When someone goes to www.mysite.com/indirect_access/indirect.php they are prompted for a username and password.

However, when I change the contents of /var/www/public_html/direct.php to include an AJAX request like

$.ajax({
    url: "indirect_access/indirect.php",   // the file under the protected directory
    type: "GET",
    dataType: "html",
    success: function (data) {             // append the returned 'hi' to the page
        $("body").prepend(data);
    }
});

and then I try to access www.mysite.com/direct.php, I'm prompted for a username/password.

Is it possible to prevent htpasswd from prompting for authentication on indirect access to a file via AJAX?

user784637
    From the server's perspective, there is no difference between your 'direct' and 'indirect' request. Both are simply GET requests for a particular URL. One possible difference is the HTTP_REFERER - which you can use in your htaccess - however, it is set client side and is easy to spoof. The best approach would probably be to authenticate each request in PHP. See [this question](http://stackoverflow.com/questions/1756591/prevent-direct-access-to-file-called-by-ajax-function) and [this question](http://stackoverflow.com/questions/8421230/php-only-allow-access-via-ajax) for some starting points. – cyberx86 Mar 21 '12 at 00:37
  • @cyberx86 Thanks for the advice. I authenticate each request in PHP for *.php files in `/var/www/public_html/` like `/var/www/public_html/home.php` and `/var/www/public_html/sitemap.php`. I think I'm going to have to pull all files that AJAX requests are done on. – user784637 Mar 21 '12 at 00:58
  • I just realized your most-upvoted answer was asked by me lol – user784637 Mar 21 '12 at 01:00
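The following is an added example, not code from the question or from cyberx86's comments. It implements what the comment recommends: drop the Apache Basic auth on the directory and authenticate every request in PHP, so the endpoint gives the same answer whether a user types the URL into the browser or jQuery fetches it. The `/var/www/private/` path, the `login.php` redirect target and the function names `start_secure_session` and `require_login` are assumptions of this example; three separate files are shown in one block, with `=====` comments marking where each file starts.

```php
<?php
// Added example (not from the original post). Every request to the AJAX
// endpoint is gated on a PHP session rather than on Apache Basic auth.
// Assumed layout (the /var/www/private path and function names are mine):
//   /var/www/private/auth.php                          shared helper, above DocumentRoot
//   /var/www/public_html/indirect_access/indirect.php  the AJAX endpoint
//   /var/www/public_html/direct.php                    the page that calls it

// ===== /var/www/private/auth.php =====
// Stored above DocumentRoot, so no URL maps to it, yet require() still reads it:
// PHP includes go through the filesystem, not through Apache's URL mapping and
// its <Directory> rules. That is also why the original include() worked while
// the AJAX GET for the same file was challenged.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'httponly' => true,                      // JavaScript cannot read the cookie
        'samesite' => 'Lax',                     // not sent on cross-site POSTs
        'secure'   => !empty($_SERVER['HTTPS']), // cookie only over TLS when TLS is in use
    ]);
    session_start();
}

// Stop the request unless the session was established by a real login.
// Deliberately ignores the Referer header: it is client-controlled and trivially forged.
function require_login(): void
{
    start_secure_session();
    if (empty($_SESSION['user'])) {
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        exit('forbidden');
    }
}

// ===== /var/www/public_html/indirect_access/indirect.php =====
// The same check runs for every caller; the Basic auth <Directory> block is gone.
require '/var/www/private/auth.php';
require_login();
echo 'hi';

// ===== /var/www/public_html/direct.php =====
require '/var/www/private/auth.php';
start_secure_session();
// $_SESSION['user'] is assumed to have been set by the site's login page after
// password_verify() succeeded; this page does not log anyone in itself.
if (empty($_SESSION['user'])) {
    header('Location: /login.php');   // assumed login page
    exit;
}
?>
<!-- jQuery is assumed to be loaded earlier in the page -->
<script>
$.ajax({
    url: "indirect_access/indirect.php",
    type: "GET",
    dataType: "html",
    success: function (data) { $("body").prepend(data); },
    error: function (xhr) { console.log("endpoint refused: " + xhr.status); }
});
</script>
```

To check it, request the endpoint without a session cookie (`curl -i http://www.mysite.com/indirect_access/indirect.php`) and confirm a 403 with the body `forbidden`; the same request carrying the `PHPSESSID` cookie of a logged-in browser returns `hi`. Files that are only ever `include()`d and never fetched by URL do not need this at all: keep them outside DocumentRoot (as `auth.php` is here) or cover their directory with `Require all denied`, which blocks URL access but, for the same filesystem-versus-URL reason, leaves PHP's `include()` working.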
