I'm thinking of using the htaccess file on my Apache server to add a layer of security to the payment processing on my site. I am considering the 2 actions below, not sure how yet, but that's where the trial & error & learning begins.
- rewrite the URL for the files that do the processing, i.e. the user completes the payment form at
//mydomain/forms/form.php. On submit the form data is posted to
//mydomain/payment/form_process.php to process the payment - connect to the payment exchange, make payment, write to Db, etc, etc. I'm hoping I can rewrite
//mydomain/payment/form_process.php to something like
//mydomain/blank: while the processing takes place, then show a useful domain name once the process redirects to the confirmation or error page.
- write a rule that blocks domains other than mydomain accessing
//mydomain/payments/folder, redirecting all attempts to access this folder to either 404 or index page.
Are the above possible, and if yes, will they significantly improve the security of payments on my site? Lastly, is there anything else I should consider when manipulating the .htaccess file for this type of processing?