如何防止直接访问文件但允许网页中的文件
[英]How to prevent direct access to files but allow files in webpages
问题描述
I'm trying to use mod.rewrite to deny direct access to files on my web server, eg http://domain.tld/reports/imareport.pdf or http://domain.tld/img/img1.png , and I've used the answer on this question: 
我正在尝试使用mod.rewrite拒绝直接访问我的Web服务器上的文件,例如http://domain.tld/reports/imareport.pdf或http://domain.tld/img/img1.png ,并且我已经在这个问题上使用答案:
(htaccess) How to prevent a file from DIRECT URL ACCESS? (htaccess)如何防止文件直接访问URL?
That page suggests using mod.rewrite like this: 该页面建议使用mod.rewrite这样的:
RewriteEngine on
RewriteRule \.(png|pdf|htm)$ - [F]
Using mod.rewrite in this manner works fine for denying access to PDFs, but other files that are ordinarily included in a page such as images and css are not only blocked from direct access, but also blocked when used on a webpage in a normal <img> tag or whatever. 以这种方式使用mod.rewrite可以很好地阻止对PDF的访问,但是通常会阻止页面中包含的其他文件(例如图像和CSS)直接访问,而且在普通<img>标签或其他。 This is contrary to the question and answer mentioned above. 这与上面提到的问题和答案相反。
So... my question is... is there a way to block direct access to files but still allow them in webpages? 所以...我的问题是...有没有办法阻止直接访问文件但仍然允许它们进入网页?
1 个解决方案
解决方案1
0 2017-07-05 16:20:07
Thanks Mark Phillips, I didn't fully appreciate what these two rewrite conditions were doing for me: 感谢Mark Phillips,我不完全理解以下两个重写条件对我的作用:
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
So I had managed to mess them up. 所以我设法弄乱了他们。 Things worked as needed when I used the code just as it was. 当我按原样使用代码时,事情可以按需工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.