[英]How do i make folder on server secure?
I'm creating a website on my local computer and have no database system.我正在本地计算机上创建一个网站,但没有数据库系统。
For each user entering the page, i create a text file with their IP adress as the name.对于每个进入页面的用户,我都会创建一个文本文件,以他们的 IP 地址作为名称。 So when i go on the website when it's hosted on my computer, a PHP script creates a file hits/127.0.0.1.txt.
因此,当我访问托管在我的计算机上的网站时,PHP 脚本会创建一个文件 hits/127.0.0.1.txt。
The file contains some sensitive information, and i dont want anything else then my PHP scripts to access the files.该文件包含一些敏感信息,除了我的 PHP 脚本之外,我不希望任何其他内容访问这些文件。
When i write 'localhost/mysite/hits/' i can access all the text files and information.当我写 'localhost/mysite/hits/' 时,我可以访问所有的文本文件和信息。 I'd like to prevent this so people wont be able to see this when i publish the site
我想阻止这种情况,所以当我发布网站时人们将无法看到这一点
How can i do this?我怎样才能做到这一点?
And by the way, I create this file to use it to count visitors and see when i get most visitors.顺便说一下,我创建了这个文件来使用它来计算访问者数量并查看访问者最多的时间。
It is depending on your Webserver这取决于您的网络服务器
Apache:阿帕奇:
You need to insert in the directory a .htaccess
file, with content deny from all
您需要在目录中插入一个
.htaccess
文件,内容deny from all
https://stackoverflow.com/a/9282193/2441442 https://stackoverflow.com/a/9282193/2441442
IIS:信息系统:
You need a File web.config
to configure Request Filtering:您需要一个文件
web.config
来配置请求过滤:
<configuration>
<system.webServer>
<security>
<requestFiltering>
<hiddenSegments>
<add segment="My_Directory" />
</hiddenSegments>
</requestFiltering>
</security>
</system.webServer>
</configuration>
https://stackoverflow.com/a/4038572/2441442 https://stackoverflow.com/a/4038572/2441442
Nginx: nginx:
You write in your Configuration:你在你的配置中写:
location ~ /(dir1|dir2|dir3) {
deny all;
return 404;
}
Because of the background of Nginx (Performance) you need to restart the server.因为Nginx(Performance)的后台需要重启服务器。 The config is only one time loaded.
配置只加载一次。
https://serverfault.com/a/232706/220399 https://serverfault.com/a/232706/220399
For all other对于所有其他
您可以尝试在文件夹中创建一个 .htaccess 文件并在 .htaccess 脚本中拒绝所有
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.