.htaccess拒绝除索引以外的所有php文件
[英].htaccess deny php files from all except index
问题描述
I have a .htaccess file with the following contents: 
我有一个具有以下内容的.htaccess文件:
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE on
RewriteBase /wsproject/
Options All -Indexes
DirectoryIndex index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
I want to hide everything from the users: the directory structure and private files, while enable public files: *.js, *.html, *.css, *.swf, *.jpg and other stuff. 我想对用户隐藏所有内容:目录结构和私有文件,同时启用公共文件:*。js,*。html,*。css,*。swf,*。jpg等。 I want .php files to be accessible only from the file system, except only the index.php in the root dir. 我希望只能从文件系统访问.php文件,只有根目录中的index.php除外。
I only want to serve request via HTTP which are written with an (abstract) MVC URL pattern like: www.domain.com/lang/controller_name/action_name/arg1/arg2/././argn , which are being rewritten by .htaccess, and public *.html, *.js ...etc files. 我只想通过HTTP服务请求,而HTTP是使用(抽象的)MVC URL模式编写的,例如: www.domain.com/lang/controller_name/action_name/arg1/arg2/././argn ,这些文件正在由.htaccess重写以及公共* .html,*。js ... etc文件。
While Options All -Indexes hides file listing, it will not prevent an undesirable request eg: www.domain.com/library/Bootstrap.php from being served. 虽然Options All -Indexes隐藏了文件列表,但它不会阻止不受欢迎的请求,例如: www.domain.com/library/Bootstrap.php 。 Whereas deleting/commenting out RewriteCond %{REQUEST_FILENAME} !-f would solve this, but in this case none of my public .html, .css, .js ...etc files would be served. 删除/注释掉RewriteCond %{REQUEST_FILENAME} !-f可以解决此问题,但是在这种情况下,不会提供我的公共.html,.css,.js ... etc文件。
I tried to apply Deny from all for each php files except the index.php but I always get an 500-internal server error message. 我尝试对所有除index.php以外的php文件都应用Deny,但是我总是收到500条内部服务器错误消息。 Im doing this on localhost, on windows. 我在Windows的localhost上执行此操作。
Any ideas? 有任何想法吗?
2 个解决方案
解决方案1
3 已采纳 2015-06-26 12:14:04
Instead of stating that all but existing files should be directed to index.php, you can say that everything except *.js, *.html, *.css, *.swf, *.jpg should be directed to index.php. 您可以说除了* .js,*。html,*。css,*。swf,*。jpg以外的所有文件都应定向到index.php,而不是指出所有现有文件都应定向到index.php。
This isn't exactly the same as denying, since you don't give a Forbidden response. 这与拒绝并不完全相同,因为您不会给出禁止响应。 Though in this case you don't give out any information about which files exist or not, so I'd argue that it's a better solution. 尽管在这种情况下,您不会给出有关哪些文件存在或不存在的任何信息,所以我认为这是一个更好的解决方案。
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE on
RewriteBase /wsproject/
Options All -Indexes
DirectoryIndex index.php
RewriteRule \.(js|html|css|swf|jpg)(\?|$) - [QSA,L]
RewriteRule ^index.php(\?|$) - [QSA,L]
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
Note that rewriting to - , means no rewriting is done at all. 请注意,重写为-表示完全不进行重写。
解决方案2
1 2015-06-26 12:20:39
Rather than (or maybe as well as...) editing your .htaccess file, I'd suggest using the chmod command to modify the read/write/executability values of your files. 建议不要使用chmod命令来修改.htaccess文件,而建议使用chmod命令来修改文件的读/写/可执行性值。
A relatively succinct and sensible explanation of what chmod is/does can be found in the accepted answer here , but generally the simplest way is to chmod 644 your files and chmod 755 your folders. 可以在此处接受的答案中找到有关chmod是/做的相对简洁明了的解释,但通常最简单的方法是对文件chmod 644和文件夹chmod 755 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.