[英].htaccess only allow access to index.php and a directory
I am using我在用
RewriteEngine On
RewriteRule ^.*$ ./index.php
to redirect all my website traffic through index.php and let my php code get the request_uri and route each request accordingly.通过 index.php 重定向我的所有网站流量,并让我的 php 代码获取 request_uri 并相应地路由每个请求。
I want to restrict access to all other files/directories except one that will contain the js files, css files, images etc.我想限制对所有其他文件/目录的访问,除了包含 js 文件、css 文件、图像等的文件/目录。
I found that to do that I can use:我发现要做到这一点,我可以使用:
Order deny,allow
Deny from all
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
and then have another .htaccess file inside the public directory to allow certain file types.然后在 public 目录中有另一个 .htaccess 文件以允许某些文件类型。
When I navigate to localhost/mysite/index.php it works fine since the index.php file is accessible.当我导航到 localhost/mysite/index.php 它工作正常,因为 index.php 文件是可访问的。
But for any other url I get a 403, for example /mysite/home/ is forbidden even though I expected it to work normally.但是对于任何其他 url,我得到 403,例如 /mysite/home/ 被禁止,即使我希望它正常工作。
What can I do get the expected behavior?我该怎么做才能得到预期的行为?
My full .htacces file is:我的完整 .htaccess 文件是:
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^.*$ ./index.php
Order deny,allow
Deny from all
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
EDIT: The /public/.htaccess currently looks like this:编辑:/public/.htaccess 目前看起来像这样:
<Files ~ "\.(xml|css|jpe?g|png|gif|js|pdf)$">
Allow from all
</Files>
Try this code in /mysite/.htaccess
:在
/mysite/.htaccess
试试这个代码:
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^ index.php [L]
RewriteRule !^(public/|index\.php) [NC,F]
You can use:您可以使用:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php
That is the .htaccess I use for my applications.那是我用于我的应用程序的 .htaccess。 In the public directory, I only place index.php and JS, CSS and images file that I need, so there is no need to filter them out.
在public目录下,我只放了我需要的index.php和JS、CSS和图片文件,不需要过滤掉。 Any other file (such as uploads), are save to a folder outside of the public folder - so they are no accessible directly - only via a php script that reads them.
任何其他文件(例如上传)都保存到公共文件夹之外的文件夹中 - 因此无法直接访问它们 - 只能通过读取它们的 php 脚本。 I believe that is "best practice".
我相信这是“最佳实践”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.