阻止直接访问html页面
[英]Prevent direct access to html pages
问题描述
I have created a simple login page to access mail sending form. 
我创建了一个简单的登录页面来访问邮件发送表单。 Login page works and redirects to sender.html. 登录页面工作并重定向到sender.html。 What I am trying to get is not to let others access sender.html or send.php without logging in. I have already tried putting 我想要的是不要让其他人在没有登录的情况下访问sender.html或send.php。我已经尝试过了
<?php $referrer = $_SERVER['HTTP_REFERER']; if ($referrer != "http://www.example.com/login.html") { header('Location: http://www.example.com/login.html'); } ; ?>
into the beginning of the sender.html but it doesn't work. 进入sender.html的开头,但它不起作用。 I also tried adding redirect rules to .htaccess but it would not allow access the page after login. 我也尝试将重定向规则添加到.htaccess但是在登录后不允许访问页面。 I'm a beginner but already spent a while to sort this out, would appreciate your help guys. 我是初学者,但已经花了一段时间来解决这个问题,非常感谢你的帮助。
2 个解决方案
解决方案1
0 2015-02-26 00:01:50
Change the filename from sender.html to sender.php . 将文件名从sender.html更改为sender.php 。 When a file has html extension it won't process php. 当文件具有html扩展名时,它将不会处理php。
Also you could modify the .htaccess file to tell the server to process .html files as .php files, but I think it is easier to change the file extension. 您还可以修改.htaccess文件以告诉服务器将.html文件作为.php文件处理,但我认为更改文件扩展名更容易。
解决方案2
0 2015-02-26 00:03:57
First off, checking the referer variable is not a good way to do this; 首先,检查referer变量不是一个好方法; attackers can forge that header. 攻击者可以伪造那个头。 The easy way would be to use basic authentication to protect your two pages of interest. 简单的方法是使用基本身份验证来保护您感兴趣的两个页面。
Example .htaccess: 示例.htaccess:
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/htpasswd
Require valid-user
(See http://httpd.apache.org/docs/2.2/howto/auth.html for more details as well as how to create the htpasswd file containing your users) (有关更多详细信息以及如何创建包含用户的htpasswd文件,请参阅http://httpd.apache.org/docs/2.2/howto/auth.html )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.