
Laravel: Prevent direct access of files from public folder

I am stuck on this part of my Laravel application, where I am asked to protect the files from being directly accessed via a URL hit in the browser. I have a public folder in which a doc folder is present, where all the documents are going to be uploaded. I just need a solution to prevent this, where I can access docs directly from my application but any third-party visitor cannot view my docs (images, PDFs etc.).

I have tried many solutions but it's not working at all. I just want two things:

1. Protect my docs from direct access.
2. A way of implementing it in Laravel (via .htaccess).

I know this can be possible through htaccess, but how? Kindly help please :)

There are three approaches I can think of just now:

  1. You intercept all image and video requests with Laravel, then using the router, serve up the content that the user was after, provided they are authorised. THIS WILL BE SLOW!
  2. You rely on obscurity and put all that client's images, videos etc. in a folder that has a long, unguessable random URL. You can then link to the content in your code using the 'static' folder name. The customer's content will always be in that folder and accessible whether they log in or not. The advantage of this compared to 1 is that your framework does not have to boot for every image or video.
  3. Have all the content hidden away, possibly in the storage folder. When the user logs in, create a temporary symbolic link between their public folder and their folder in storage. Keep a note of the link in the session. Use the link in all galleries etc. rather than the static code used in (2) above. Once they log out the code will no longer be valid, and you can delete the symbolic link on logout or have a job to tidy it up periodically.
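
A sketch of approach 1, added here as an illustration and not code from the original answer. It assumes the documents have been moved out of `public/doc` into a `docs` directory on Laravel's `local` disk, and that the application uses the stock `auth` middleware; the route URI and directory name are hypothetical.

```php
<?php
// routes/web.php (added example; 'docs' and the '/docs/{path}' URI are assumptions)

use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

Route::get('/docs/{path}', function (string $path) {
    // The 'local' disk lives under storage/, which the web server never serves directly.
    $disk = Storage::disk('local');

    // Resolve both paths so "../" segments and symlinks are collapsed before comparing.
    $base = realpath($disk->path('docs'));
    $file = realpath($disk->path('docs/' . $path));

    // Refuse anything that is missing, is not a regular file,
    // or resolves to a location outside the docs directory.
    if ($base === false || $file === false
        || !Str::startsWith($file, $base . DIRECTORY_SEPARATOR)
        || !is_file($file)) {
        abort(404);
    }

    // A per-file ownership check (which user may read which document)
    // would go here; the 'auth' middleware only proves the visitor is logged in.

    // Stream the file inline and stop browsers from guessing a different content type.
    return response()->file($file, ['X-Content-Type-Options' => 'nosniff']);
})->where('path', '.*')->middleware('auth');
```

Links in views then point at `/docs/...` instead of the old public path, and an unauthenticated request never reaches the file because the middleware rejects it first.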

Add the following to the .htaccess file in your upload folder:

Deny from all
