Deny direct access to files using htaccess

I have below directory structure in my website,

/public_html
/public_html/admin/
/public_html/admin/js/
/public_html/admin/css/ ....

Basically I want to disallow all direct access to files inside sub folders of /admin, like not allow to access js inside /js/ folder directly but allow it to access from my php page.

I added .htaccess file with below code inside /js/ folder,

Order deny,allow
Deny from all

So it is good that it won't allow me to access via browser directly!

BUT when I try to access index.php page in which files of /js/ folder are included using tag, it is not loading up.

So can anyone help me out!

Thanks in advance.

You are not accessing it "from your PHP page". The web server is either serving a request or it isn't. When you load your "PHP page" in a browser, the browser will then go out and request all the JavaScript, CSS and image assets linked to from your page. Each of these will be a separate HTTP request to the web server. The web server has no context that this HTTP request is because the asset is linked to from "your PHP page", that's completely irrelevant to it. You can either get the file from the server using an HTTP request, or you can't. And by setting Deny from all, you can't.

You'd have to funnel all requests through a PHP file which checks the login information and only serves the file if the user is properly logged in. E.g. link to scripts.php?file=js/myscript.js and have authentication checking code in scripts.php.
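The gatekeeper script this answer describes, written out as an added example (not code from the original answer or the asker's site). It assumes the login code sets `$_SESSION['user_id']` (a hypothetical key) and that `scripts.php` sits in `/public_html/admin/`. Besides the login check it confines the `file` parameter to the `js/` and `css/` folders, because an unvalidated path would let any logged-in user read arbitrary files.

```php
<?php
// scripts.php: added example, not code from the original answer.
// Assumed layout: this file sits in /public_html/admin/ beside js/ and css/,
// which keep their "Deny from all" .htaccess. $_SESSION['user_id'] is a
// hypothetical key set by the site's own login code.
declare(strict_types=1);

const ALLOWED_DIRS = ['js', 'css'];
const MIME_TYPES = ['js' => 'application/javascript', 'css' => 'text/css'];

function fail(int $status): void
{
    http_response_code($status);
    exit;
}

// 1. Authentication: Apache cannot tell who is asking, PHP can.
session_start();
if (empty($_SESSION['user_id'])) {
    fail(403);
}
session_write_close(); // release the session lock so assets load in parallel

// 2. Validate the parameter (arrays, empty values and NUL bytes are rejected).
$requested = $_GET['file'] ?? '';
if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
    fail(400);
}

// 3. Resolve symlinks and "../", then require the result to sit inside an allowed folder.
$path = realpath(__DIR__ . '/' . $requested);   // false if nothing exists there
$inside = false;
foreach (ALLOWED_DIRS as $dir) {
    $base = realpath(__DIR__ . '/' . $dir);
    if ($path !== false && $base !== false
        && strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0) {
        $inside = true;
    }
}
$ext = strtolower(pathinfo((string) $path, PATHINFO_EXTENSION));
if (!$inside || !is_file($path) || !array_key_exists($ext, MIME_TYPES)) {
    fail(404);
}

// 4. Serve with a fixed type so the browser never has to guess.
header('Content-Type: ' . MIME_TYPES[$ext]);
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
header('Content-Length: ' . filesize($path));
readfile($path);
```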

When you restrict a folder like this, you can not include the files that are in it inside your HTML page. It is basically the same request as if the person is accessing directly to the JS by URL.

Usually cPanel tools like

  1. Hotlink Protection

    Hotlink protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don't specify below (ie, HTML files). An example of hotlinking would be using an <img> tag to display an image from your site somewhere else on the Web. The end result is that the other site is stealing your bandwidth.

  2. Index Manager

    The Index Manager allows you to customize the way a directory will be viewed on the web. You can select between a default style, no indexes, or two types of indexing. If you do not wish for people to be able to see the files in your directory, choose "No Indexing".

1 & 2 are tools from the usual hosting cPanel. Probably it writes over Apache conf files (not sure which ones).

However, you should also be aware of HTTP referer. You could, based on this, decide when not to show your resource.

`HTTP referer is an HTTP header field that identifies the address of the webpage (i.e. the URI or IRI) that linked to the resource being requested`
