[英]How to deny access to users for a file but not to the plugin which uses the file using htaccess?
I have a plugin which is using an xml file located in the plugin folder. 我有一个使用位于plugin文件夹中的xml文件的插件。
example.com/wp-content/plugins/myplugin/myxml.xml example.com/wp-content/plugins/myplugin/myxml.xml
I want to deny access to the file for users but not to the plugin. 我想拒绝用户访问文件,而不是插件。 If I type the URL I can read the file.
如果键入URL,则可以读取文件。 I used the following in htaccess inside my plugin's folder
我在插件文件夹内的htaccess中使用了以下内容
<Files ~ "\.xml$">
Order Allow,Deny
Deny from All
</Files>
I get the 403 error but the plugin cannot read the file 我收到403错误,但插件无法读取文件
I used Options -Indexes as well 我也使用了选项-索引
How can I fix this? 我怎样才能解决这个问题?
<Files ~ "\.xml$">
Order Allow,Deny
Deny from All
Allow from localhost
</Files>
This will only work if you place it in the main .htaccess. 仅当您将其放置在主.htaccess中时,此方法才有效。 Then the file is not accessible from outside but accessible from the wordpress
然后,无法从外部访问文件,但可以从wordpress访问文件
The recommended solution for this issue is, Set proper file permission and user group. 对于此问题,建议的解决方案是:设置适当的文件许可权和用户组。 So all the application can access the file, but Public Users can't.
因此,所有应用程序都可以访问该文件,但公共用户则不能。 For more information visit Linux File permission
有关更多信息,请访问Linux File许可。
There are a couple of ways to go about this: 有两种方法可以解决此问题:
example.com
doesn't resolve to localhost
(check your /etc/hosts ). example.com
不能解析为localhost
(请检查/ etc / hosts ),则他的代码可能无法正常工作。 It the file has to be accessed over the public internet, use your public IP. For reference, here is the documentation for mod_access . 作为参考,这里是mod_access的文档。
Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in environment variables.
可以根据客户端主机名,IP地址或客户端请求的其他特征(如环境变量中捕获的)来控制访问。
And you could also use authentication for that file. 您还可以对该文件使用身份验证 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.