堆栈内存溢出
  简体   繁体   English

使用.htaccess拒绝访问目录中的所有PHP文件

[英]Deny access to all PHP files in a directory using .htaccess

 原文  2015-05-18 15:44:18       php/ apache/ .htaccess

问题描述

I'm attempting to deny access to anyone surfing for PHP files in a specific directory: 我试图拒绝任何在特定目录中浏览PHP文件的人访问: 

example.com/inc/

I've created an example.com/inc/.htaccess file with the contents: 我创建了一个带有以下内容的example.com/inc/.htaccess文件: 

Order deny,allow
Deny from all

This results in a 403 Forbidden response when I try to access one of the files. 当我尝试访问其中一个文件时,这会导致403 Forbidden响应。 For example: example.com/inc/file.php 例如:example.com/inc/file.php

The problem is, my web server is also denied access and my application stops working. 问题是,我的Web服务器也被拒绝访问,我的应用程序停止工作。

How can I deny access to people surfing for such PHP files but allow my shared web server access? 我如何拒绝访问冲浪这些PHP文件的人,但允许我的共享Web服务器访问?

Note: I'm using GoDaddy shared hosting. 注意:我正在使用GoDaddy共享主机。

4 个解决方案

解决方案1
 5 已采纳  2015-05-18 15:54:03

I would would just use a rule and block the access that is entered by the user. 我只会使用规则并阻止用户输入的访问权限。 This will block any php file that is entered. 这将阻止输入的任何php文件。 

RewriteEngine On
RewriteRule ^.*\.php$ - [F,L,NC]

Edit based on your comment. 根据您的评论进行修改。 Try this way. 试试这种方式。 

<Files (file|class)\.php>
order allow,deny
deny from all
allow from 127.0.0.1
allow from 192.168.0.1
</Files>

Replace 192.168.0.1 with your server IP address. 将192.168.0.1替换为您的服务器IP地址。

解决方案2
 2  2015-05-18 16:04:03

Use proper directory structure put your files to lib/ directory for example and include them from file which is not present in this directory. 使用正确的目录结构将您的文件放到lib /目录中,并将其包含在此目录中不存在的文件中。 This is how common frameworks works. 这是常见框架的工作原理。

You can even map your url to web/ directory and put lib one directory up then you are sure that there is no access to your .php file but only index.php and assets. 您甚至可以将您的URL映射到web /目录并将lib放在一个目录中,然后您确定无法访问您的.php文件,只能访问index.php和assets。

You can read how it is solved for example in Symfony2 http://symfony.com/doc/current/quick_tour/the_architecture.html it'll give you some clues. 您可以阅读它是如何解决的,例如在Symfony2 http://symfony.com/doc/current/quick_tour/the_architecture.html中它会给你一些线索。

解决方案3
 1  2015-05-18 15:45:56

要阻止对以.php结尾的所有文件的导航访问,您可以使用: 

RedirectMatch 403 ^.*\.php$

解决方案4
 1  2015-05-18 15:49:54

To only deny access to php files you can use this: 要仅拒绝访问php文件,您可以使用: 

<Files *.php>
order allow,deny
deny from all
</Files>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP脚本访问否则“全部拒绝”的目录(通过.htaccess) - PHP script access a directory that is otherwise 'deny all' (Via .htaccess) 使用htaccess拒绝通过浏览器访问目录文件 - Deny access to directory files via browser with htaccess 使用htaccess和PHP拒绝目录和文件访问 - Deny directory and file access with both htaccess and PHP .htaccess拒绝目录访问 - .htaccess to deny directory access htaccess不会拒绝PHP对文件的访问 - htaccess doesn't deny PHP access to files .htaccess拒绝仅访问PHP文件 - .htaccess deny access to just PHP files 拒绝使用htaccess直接访问文件 - Deny direct access to files using htaccess 使用.htaccess拒绝访问子文件夹和文件 - Deny access to subfolders and files using .htaccess 如何拒绝访问目录中的所有文件,但允许访问其他目录中的特定php文件呢? - How can I deny access to all files in directory but allow access from specific php file in other directory? 使用htaccess将所有文件重定向到php - Redirect all files access to a php using htaccess
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM