Apache 限制文件夹仅用于脚本访问
[英]Apache restricting folder for script access only
问题描述
I have a folder called data which has .ini files that my scripts access.
我有一个名为 data 的文件夹,其中包含我的脚本访问的 .ini 文件。 I've put a .htaccess in the data folder with deny all so that the folder cannot be accessed directly.我在数据文件夹中放置了一个 .htaccess 并全部拒绝,以便无法直接访问该文件夹。 This way only my scripts on the server can access it.这样只有我在服务器上的脚本才能访问它。
Is this .htaccess method good enough?这个 .htaccess 方法够好吗? i've also tested chmod the folder to 700 which seems to also do exactly the same thing, it denies public access but allows scripts to access the files.我还测试了 chmod 文件夹到 700 这似乎也做完全相同的事情,它拒绝公共访问但允许脚本访问文件。
I am wondering if I should just use both methods?我想知道我是否应该只使用这两种方法? or is one method better than the other?还是一种方法比另一种更好?
Ideally, I assume it would be better to place the files outside the www folder but I do not have access to that.理想情况下,我认为将文件放在 www 文件夹之外会更好,但我无权访问。
1 个解决方案
解决方案1
0 2015-09-13 20:24:20
The .htaccess solution will stop requests from a client from reading the files via a web browser or similar: .htaccess 解决方案将阻止来自客户端的请求通过 Web 浏览器或类似方式读取文件:
deny from all
The advantage of the .htaccess file is that a future developer or admin would see the file and know you had deliberately chosen to protect that code in a well recognised way. .htaccess 文件的优势在于,未来的开发人员或管理员会看到该文件,并知道您有意选择以公认的方式保护该代码。 This could help avoid issues down the line.这可以帮助避免问题。 For example if the site was copied to a new server.例如,如果站点被复制到新服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.