[英].htaccess deny from all stops access on website
I have a PHP file: index.php at the root of my web directory (something along the lines of): 我的网站目录根目录下有一个PHP文件:index.php(类似):
<?php
echo '<div>
<img src="images/test.png">
</div>';
?>
And I have a .htaccess file in the 'images/' directory which contains the following: 我在“ images /”目录中有一个.htaccess文件,其中包含以下内容:
deny from all
As I understand it, this should allow <img src="images/test.png">
to be displayed on the webpage but should not allow a user to access the test.png
file directly as follows: www.example.com/images/test.png
(I expect this to throw a forbidden error or something along these lines). 据我了解,这应该允许<img src="images/test.png">
显示在网页上,但不允许用户直接访问test.png
文件,如下所示: www.example.com/images/test.png
(我希望这会引发禁止的错误或类似的错误)。
Unfortunately, the above leads to the image not displaying on index.php
as well as the image not displaying via direct url: www.example.com/images/test.png
. 不幸的是,以上情况导致图像未显示在index.php
,以及图像未通过直接URL显示: www.example.com/images/test.png
。 If I remove the .htaccess file, the image displays fine, but it can be accessed by direct URL. 如果我删除了.htaccess文件,则该图像会正常显示,但可以通过直接URL访问。
Any ideas why this would not be working as expected? 有什么想法为什么不能按预期工作?
Yo/u are missing the big distinction between blocking access to an included php file (which is handled on the server side) and to an image which is referenced by php. Yo / u缺少阻止访问包含的php文件(在服务器端处理)和访问php引用的映像之间的巨大区别。 The closest I can think of as an easy solution is to have your php file open the image and return it as an image. 我能想到的最简单的解决方案是让您的php文件打开图像并将其作为图像返回。
Something like: 就像是:
<?php
//Do whatever checking you want
$im = file_get_contents("images/example.png");
header("Content-type: image/jpeg");
echo $im;
?>
Note that this still allows someone who knows the name of the php file to get the image etc; 注意,这仍然允许知道php文件名称的人获取图像等。 all this is doing is giving you a place to do checking in php code (example of check would be http_referer checking if you wanted to block people from "hot-linking" images) 这一切都为您提供了一个检查php代码的地方(检查的示例是http_referer检查,如果您想阻止人们访问“热链接”图像)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.