堆栈内存溢出
  简体   繁体   English

拒绝直接访问文件夹或文件,但允许index.php访问它

[英]Deny direct access to a folder or file, but allow index.php to access it

 原文  2018-03-18 02:48:29       php/ .htaccess

问题描述

I want to block direct access to the music folder on my website which contains my music.(I want the music to be played, but not downloaded) 我想阻止直接访问我网站上包含我的音乐的音乐文件夹。(我希望播放音乐,但不下载)

But I also want to be able to play the music on the browser, I blocked access using the .htaccess file, but because of this, I cannot play the songs on the browser. 但是我也希望能够在浏览器中播放音乐,我使用.htaccess文件阻止了访问,但是由于这个原因,我无法在浏览器中播放歌曲。

My .htacces file looks like this. 我的.htacces文件如下所示。 and it is inside the music folder. 它在音乐文件夹中。 

Order Deny,Allow
Deny from All
<FilesMatch "^$|(index)\.php$">
Allow from All
</FilesMatch>

Is there a way to do this, to play the song while direct access to the folder is blocked. 有没有一种方法可以在直接访问文件夹的同时播放歌曲。

1 个解决方案

解决方案1
 0  2018-03-18 03:17:52

If the browser can access the data, by definition, it is downloadable. 根据定义,如果浏览器可以访问数据,则可以下载该数据。 However I've had some success in situations like yours with the following approach: 但是,通过以下方法,我在像您这样的情况下取得了一些成功:

Create a music.php file that does two things: 1) Checks the request for 'timeliness', and 2) Uses file_get_contents() to serve the content (using the correct Content-Type) without revealing the path to your music directory. 创建一个执行以下两项操作的music.php文件:1)检查请求是否“及时”,以及2)使用file_get_contents()来提供内容(使用正确的Content-Type)而不显示音乐目录的路径。

The request could look like http://blah.com/music/50/1521342509/j25ia920oj12501 . 该请求可能看起来像http://blah.com/music/50/1521342509/j25ia920oj12501

  • /music/ is not a directory, but a mod_rewrite condition/rule (in your .htaccess file), sending the request to music.php /music/不是目录,而是mod_rewrite条件/规则(在.htaccess文件中),将请求发送到music.php
  • /50/ is the actual song name /50/是实际的歌曲名称
  • 1521342509 is the unix timestamp of the music request ... any requests more than a few seconds after this timestamp is likely a user attempt. 1521342509是音乐请求的unix时间戳,任何超过此时间戳几秒的请求都可能是用户的尝试。
  • j25ia920oj12501 is a hash of that same time timestamp (sha256, truncated after 16 characters is plenty), to ensure the timestamp is authentic. j25ia920oj12501是同一时间时间戳的哈希值(sha256,在16个字符后被截断是足够的),以确保时间戳是真实的。

This is far from foolproof, but is entirely effective at preventing all but the most dedicated/clever from downloading your stuff. 这远非万无一失,但对于阻止除最专注/最聪明的人以外的所有人都无法下载您的东西,它是完全有效的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 拒绝直接访问除index.php之外的所有.php文件 - Deny direct access to all .php files except index.php PHP - 拒绝文件夹访问没有直接链接到文件? - PHP - Deny folder access without direct link to file? 所有文件仅通过 index.php 下载并拒绝从浏览器直接访问它们 - All files download only through index.php and deny direct access to them from browser 半直接文件访问与index.php控制器 - Semi-direct file access vs index.php controller 拒绝通过htaccess直接访问文件夹和文件 - deny direct access to a folder and file by htaccess htaccess-拒绝php文件访问,但允许特定文件夹 - htaccess - Deny php file access but allow a specific folder 限制通过浏览器直接访问 .php 文件,只允许 index.php 访问它们 - Restrict direct access to .php files through browser and allow only index.php to access them 使用 CodeIgniter 阻止对 index.php 的直接访问 - Blocking direct access to index.php with CodeIgniter 拒绝直接访问,但允许打开 - deny direct access but allow fopen 仅当bot要求时才允许直接url访问图像,否则使用.htaccess将url传递到index.php文件 - allow direct url access to image only if requested by bot otherwise pass url to index.php file using .htaccess
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM