[英]How to block access to all .php except index.php in root folder (via .htaccess)?
Note: This question has been asked before several times, but the answers are really bad, totally wrong and/or do not fit the above scenario (because there are several files called index.php ). 注意:此问题已经多次被问过,但答案非常糟糕,完全错误和/或不符合上述情况(因为有几个名为index.php的文件)。 If you like, see [ 1 ]. 如果您愿意,请参阅[ 1 ]。
I want to block direct access to all .php files in the application folder (see file structure image) via the .htaccess file in the root folder. 我想阻止通过根文件夹中的.htaccess文件直接访问应用程序文件夹中的所有.php文件(请参阅文件结构图像)。 There are some solutions for this on the web, but they miss one thing: They don't work if there is more than one file named index.php (which is a realistic scenario like the screenshot shows, see the file in the view/xxx/ folder): 网上有一些解决方案,但他们错过了一件事: 如果有多个名为index.php的文件,它们就不起作用(这是一个逼真的场景,如截图所示,请参阅视图中的文件/ xxx /文件夹):
In .htaccess: 在.htaccess中:
RewriteEngine on
RewriteRule ^/application - [F]
The [F]
option instructs it to issue a 403 Forbidden response on all matching URLs. [F]
选项指示它对所有匹配的URL发出403 Forbidden响应。
Or add a separate .htaccess file in /application
containing just: 或者在/application
中添加一个单独的.htaccess文件,其中包含:
deny from all
Or in your Apache vhost definition: 或者在Apache vhost定义中:
<Location /application>
deny from all
</Location>
In addition to Niels Keurentjes excellent answer I would like to extend his solution according to my .htacces that uses some very common rewriting patterns (as a lot of people might run into the same problem): 除了Niels Keurentjes的 优秀答案,我想根据我的.htacces扩展他的解决方案,它使用一些非常常见的重写模式(因为很多人可能遇到同样的问题):
When using URL rewrite rules, then the line RewriteRule ^/application - [F]
has to be at exactly that place . 使用URL重写规则时,行RewriteRule ^/application - [F]
必须恰好位于该位置 。 It will not work if the line is placed before or below: 如果在前面或下面放置线,它将无法工作:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
# The new line, blocking direct access to every file in /application and deeper
RewriteRule ^/application - [F]
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.