
How to deny access to users for a file but not to the plugin which uses the file using htaccess?

I have a plugin which is using an XML file located in the plugin folder.

example.com/wp-content/plugins/myplugin/myxml.xml

I want to deny access to the file for users but not to the plugin. If I type the URL I can read the file. I used the following in htaccess inside my plugin's folder:

<Files ~ "\.xml$">  
Order Allow,Deny
Deny from All
</Files>

I get the 403 error but the plugin cannot read the file.

I used Options -Indexes as well.

How can I fix this?

<Files ~ "\.xml$">
  # Deny,Allow: Deny is evaluated first, then a matching Allow overrides it
  Order Deny,Allow
  Deny from All
  Allow from localhost
</Files>

This will only work if you place it in the main .htaccess. Then the file is not accessible from outside but accessible from WordPress.

The recommended solution for this issue is to set proper file permissions and user group, so all the applications can access the file but public users can't. For more information, visit Linux File permission.

There are a couple of ways to go about this:

  • Load the file from the filesystem and not over the network if possible.
  • Use access control as @Jamie_D has suggested. His code might not work if example.com doesn't resolve to localhost (check your /etc/hosts). If the file has to be accessed over the public internet, use your public IP.

For reference, here is the documentation for mod_access.

Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in environment variables.

And you could also use authentication for that file.
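
An added example, not part of the original answers: a small Python model of how Apache's Order, Allow and Deny directives (mod_access, renamed mod_authz_host in 2.2) combine, run against the rule sets discussed in this thread. The client addresses are constructed documentation-range values, and treating localhost as the loopback range is an assumption.

```python
import ipaddress

# Assumption: "localhost" means the loopback ranges only; real Apache
# resolves host names in Allow/Deny through DNS lookups.
ALIASES = {"localhost": ["127.0.0.0/8", "::1/128"]}

def matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' argument covers client_ip."""
    if spec.lower() == "all":
        return True
    ip = ipaddress.ip_address(client_ip)
    nets = ALIASES.get(spec.lower(), [spec])
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)

def evaluate(order, allow, deny, client_ip):
    """Decision for one request under the given Order: True means served."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    key = order.replace(" ", "").lower()
    if key == "allow,deny":
        # An Allow must match and no Deny may match; the default is deny.
        return allowed and not denied
    if key == "deny,allow":
        # Deny is checked first, a matching Allow overrides it; default allow.
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Constructed sample clients (documentation address ranges).
CLIENTS = {
    "visitor": "203.0.113.7",             # browser on the internet
    "loopback": "127.0.0.1",              # request made via http://localhost/
    "server_public_ip": "198.51.100.10",  # plugin fetching http://example.com/
}

def report(order, allow, deny):
    """Map each sample client to the access decision for this rule set."""
    return {name: evaluate(order, allow, deny, ip) for name, ip in CLIENTS.items()}

if __name__ == "__main__":
    print(report("Allow,Deny", [], ["all"]))             # rules from the question
    print(report("Allow,Deny", ["localhost"], ["all"]))  # Deny from All still wins
    print(report("Deny,Allow", ["localhost"], ["all"]))  # loopback only
    print(report("Deny,Allow", ["localhost", "198.51.100.10"], ["all"]))
```

A plugin that reads the file from the filesystem never reaches these rules at all, so a plain deny-all is enough in that case.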
