如何隐藏配置文件以防止直接访问?
[英]How to hide config files from direct access?
问题描述
I am using Laravel for web app.
我正在将 Laravel 用于网络应用程序。 Uploaded everything on production and found out that some of the files can be directly accessed by url - for example http://example.com/composer.json上传了生产中的所有内容,发现某些文件可以通过 url 直接访问 - 例如http://example.com/composer.json
How to avoid that direct access?如何避免直接访问?
9 个解决方案
解决方案1
33 已采纳 2016-05-29 07:21:45
You're using wrong web server configuration.您使用了错误的 Web 服务器配置。 Point your web server to a public directory and restart it.将您的 Web 服务器指向public目录并重新启动它。
For Apache you can use these directives:对于Apache,您可以使用这些指令:
DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">
For nginx , you should change this line:对于nginx ,您应该更改此行:
root /path_to_laravel_project/public;
After doing that, all Laravel files will not be accessible from browser anymore.这样做之后,浏览器将无法再访问所有 Laravel 文件。
解决方案2
2 2016-05-29 07:14:27
That is incorrect.那是不正确的。 composer.json sits outside of the public directory and therefore should not be accessible. composer.json位于public目录之外,因此不应该被访问。 This means that your VirtualHost configuration is incorrect.这意味着您的 VirtualHost 配置不正确。
Please make sure that your path to your directory ends with /public .请确保您的目录路径以/public结尾。
解决方案3
1 2017-04-19 10:36:56
Point the web server to the public directory in the project's root folder将 Web 服务器指向项目根文件夹中的公共目录
project root folder/public
but if you don't have the public folder and you are already pointing to the root folder, you can deny access by writing the following code in .htaccess file.但是如果您没有 public 文件夹并且您已经指向根文件夹,您可以通过在.htaccess文件中编写以下代码来拒绝访问。
<Files ".env">
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
in the above code, first we are denying from all and allowing only from the own server (localhost to the server) to get executed, and hence we can protect it from outside users.在上面的代码中,首先我们拒绝所有并只允许从自己的服务器(本地主机到服务器)执行,因此我们可以保护它免受外部用户的攻击。
解决方案4
1 2018-03-15 13:59:02
Point your web server to a public directory and restart it.将您的 Web 服务器指向公共目录并重新启动它。
For Apache you can use these directives:对于 Apache,您可以使用这些指令:
DocumentRoot "/path_to_laravel_project/public"
<Directory "/path_to_laravel_project/public">
Also You Can Deny files in .htaccess too.您也可以拒绝 .htaccess 中的文件。
<Files "composer.json">
Order Allow,Deny
Deny from all
</Files>
for multiple files you can add above files tag multiple times in .htaccess files.对于多个文件,您可以在 .htaccess 文件中多次添加上述文件标签。
解决方案5
0 2016-05-29 07:14:19
Set Your document root as public directory, so other files will not be accessible directly.将您的文档根目录设置为public目录,这样其他文件将无法直接访问。 Look for it in Your apache/nginx/???在你的 apache/nginx/??? 中寻找它configuration files.配置文件。
解决方案6
0 2016-05-29 07:19:24
It depends on the webserver your running.这取决于您运行的网络服务器。 With Apache it would be .htaccess files whereas with Nginx it would be handled in the server configuration file.对于 Apache,它将是 .htaccess 文件,而对于 Nginx,它将在服务器配置文件中处理。
解决方案7
0 2017-03-18 04:43:03
You Can Deny files in .htaccess too.您也可以拒绝 .htaccess 中的文件。
<Files "composer.json">
Order Allow,Deny
Deny from all
</Files>
解决方案8
0 2017-03-29 07:47:59
With Apache, you can create .htaccess file in the root directory of Laravel project to rewrite all requests to public/ directory.使用 Apache,您可以在 Laravel 项目的根目录下创建 .htaccess 文件,将所有请求重写到 public/ 目录。
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
解决方案9
-2 2018-03-02 05:03:36
simply create blank简单地创建空白
index.php
file in config directory , and write message in file as you like to inform acccessor user配置目录中的文件,并在文件中写入消息以通知访问者用户
ex.例如。 access forbindon by server服务器禁止访问
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.