How to protect ajax contents

I was at almaconnect.com; on the home page there is a text box that automatically offers some university results as you type (the content is loaded by an ajax call). I made a curl request of the same ajax call, but the request resulted in some encrypted lines on the terminal:

curl 'https://www.almaconnect.com/suggestions/portaled_institute?q=am' -H 'Host: www.almaconnect.com' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: https://www.almaconnect.com/' -H 'Cookie: Almaconnect=; _ga=GA1.2.315358219.1489989532; __utma=117457241.315358219.1489989532.1490871434.1492414070.3; __utmz=117457241.1490871434.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); _gat=1; __utmb=117457241.1.10.1492414070; __utmc=117457241; __utmt=1'

I want exactly the same functionality for my site, so that if any user tries to get the data from my site, he will not be able to.

+6
4 answers

What curl printed is not encrypted. Save the response to a file instead of the terminal:

curl $params > output

and check what kind of file it is:

file output

which reports:

output: gzip compressed data, from Unix

So the response is just compressed; gzip -d -c output shows the plain data.

curl sent it compressed because of the accept-encoding header you passed:

 -H 'Accept-Encoding: gzip, deflate, br'

Drop that header and curl prints the readable response:

curl 'https://www.almaconnect.com/suggestions/portaled_institute?q=am' -H 'Host: www.almaconnect.com' -H 'User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Accept-Language: en-US,en;q=0.5' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: https://www.almaconnect.com/' -H 'Cookie: Almaconnect=; _ga=GA1.2.315358219.1489989532; __utma=117457241.315358219.1489989532.1490871434.1492414070.3; __utmz=117457241.1490871434.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); _gat=1; __utmb=117457241.1.10.1492414070; __utmc=117457241; __utmt=1'

almaconnect.com , AJAX. , , . (, HTTP Referrer), , .


+9


gtux , , .


   curl 'https://www.almaconnect.com/suggestions/portaled_institute?q=am'

gaganshera , , , . , .

(login + set cookie) . , cookie. , , .

fooobar.com/questions/274665/...

https://www.quora.com/How-can-we-hide-JSON-data-from-tools-like-Chrome-development-tools-and-Firebug-etc-as-a-security-beyond-https

+1

, javascript. , , . js. : PHP, Javascript (cryptojs)

0

You can check HTTP_REFERER on the ajax call, but HTTP_REFERER can be faked.

The ajax call can also be protected with time-based tokens. For example, when a web page is requested, a random string can be created on the server and stored in a database. This string is sent to the client, which uses it in the ajax request. The server can then check whether the token has expired. This method allows the ajax call to be used only for a certain time.

0
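The time-based token scheme from the answer above, as an added example that is not part of the original post or of any site's code: an in-memory dict stands in for the database, issue_token runs when the page is rendered, and validate_token / handle_suggestions run on the ajax call. The 60-second lifetime, the function names and the university list are assumptions made for this sketch.

```python
import secrets
import time

# Stand-in for the database the answer describes: token -> expiry timestamp.
# Constructed for this example; a real deployment would use a shared store.
TOKEN_STORE = {}

TOKEN_TTL_SECONDS = 60  # assumed: how long a page's token may be used for ajax calls


def issue_token(now=None):
    """Called when the page is rendered: create a random token, record when it
    expires, and return it so the page can embed it in its ajax requests."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, URL-safe
    TOKEN_STORE[token] = now + TOKEN_TTL_SECONDS
    return token


def validate_token(token, now=None):
    """Called on each ajax request: accept only a token this server issued
    that has not yet expired. Unknown and expired tokens are rejected."""
    now = time.time() if now is None else now
    expires_at = TOKEN_STORE.get(token)
    if expires_at is None:
        return False  # never issued (or already purged)
    if now >= expires_at:
        del TOKEN_STORE[token]  # expired: purge it so the store does not grow
        return False
    return True


def purge_expired(now=None):
    """Housekeeping for the store; returns how many entries were removed."""
    now = time.time() if now is None else now
    expired = [t for t, exp in TOKEN_STORE.items() if now >= exp]
    for t in expired:
        del TOKEN_STORE[t]
    return len(expired)


def handle_suggestions(query, token, now=None):
    """The ajax endpoint as a plain function: the lookup runs only with a valid token."""
    if not validate_token(token, now):
        return {"status": 403, "body": "invalid or expired token"}
    # Constructed sample data standing in for the university lookup.
    universities = ["Amherst College", "American University", "Amity University"]
    matches = [u for u in universities if u.lower().startswith(query.lower())]
    return {"status": 200, "body": matches}
```

This bounds how long a harvested token stays usable; a client that loads the page first still receives a fresh token, so the scheme limits reuse rather than hiding the data.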

Source: https://habr.com/ru/post/1016582/
