简体   繁体   English

如何阻止访问除根文件夹中的index.php之外的所有.php(通过.htaccess)?

[英]How to block access to all .php except index.php in root folder (via .htaccess)?

Note: This question has been asked before several times, but the answers are really bad, totally wrong and/or do not fit the above scenario (because there are several files called index.php ). 注意:此问题已经多次被问过,但答案非常糟糕,完全错误和/或不符合上述情况(因为有几个名为index.php的文件)。 If you like, see [ 1 ]. 如果您愿意,请参阅[ 1 ]。

I want to block direct access to all .php files in the application folder (see file structure image) via the .htaccess file in the root folder. 我想阻止通过根文件夹中的.htaccess文件直接访问应用程序文件夹中的所有.php文件(请参阅文件结构图像)。 There are some solutions for this on the web, but they miss one thing: They don't work if there is more than one file named index.php (which is a realistic scenario like the screenshot shows, see the file in the view/xxx/ folder): 网上有一些解决方案,但他们错过了一件事: 如果有多个名为index.php的文件,它们就不起作用(这是一个逼真的场景,如截图所示,请参阅视图中的文件/ xxx /文件夹):

Question: How to block access to all .php files, except the index.php in the root folder ? 问题:如何阻止访问除根文件夹中的index.php之外的所有.php文件?

在此输入图像描述

In .htaccess: 在.htaccess中:

RewriteEngine on
RewriteRule ^/application - [F]

The [F] option instructs it to issue a 403 Forbidden response on all matching URLs. [F]选项指示它对所有匹配的URL发出403 Forbidden响应。

Or add a separate .htaccess file in /application containing just: 或者在/application中添加一个单独的.htaccess文件,其中包含:

deny from all

Or in your Apache vhost definition: 或者在Apache vhost定义中:

<Location /application>
  deny from all
</Location>

In addition to Niels Keurentjes excellent answer I would like to extend his solution according to my .htacces that uses some very common rewriting patterns (as a lot of people might run into the same problem): 除了Niels Keurentjes的 优秀答案,我想根据我的.htacces扩展他的解决方案,它使用一些非常常见的重写模式(因为很多人可能遇到同样的问题):

When using URL rewrite rules, then the line RewriteRule ^/application - [F] has to be at exactly that place . 使用URL重写规则时,行RewriteRule ^/application - [F]必须恰好位于该位置 It will not work if the line is placed before or below: 如果在前面或下面放置线,它将无法工作:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l

# The new line, blocking direct access to every file in /application and deeper
RewriteRule ^/application - [F]

RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM