Apache 2.4 - 如何拒绝对 DocumentRoot 的访问,但允许对 DirectoryIndex 文件的“尾部斜杠”访问
[英]Apache 2.4 - How to deny access to DocumentRoot but allow 'trailing slash' access to DirectoryIndex file
问题描述
In my Apache 2.4 VirtualHost configuration, I'd like to - by default - deny access to everything in the DocumentRoot that I do not enable explicitly.
在我的 Apache 2.4 VirtualHost 配置中,我想 - 默认情况下 - 拒绝访问我没有明确启用的DocumentRoot中的所有内容。 To that end, I have written:为此,我写道:
DocumentRoot /var/www
<Directory "/var/www">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
This enables direct access to http://myserver.example/index.html , but results in a 403 response for indirect access to http://myserver.example/ .这允许直接访问http://myserver.example/index.html ,但会导致403响应间接访问http://myserver.example/ 。
How can I correct this behaviour?我该如何纠正这种行为?
1 个解决方案
解决方案1
1 2019-11-25 20:03:13
Following the hint that I "did not explicitly allow / ", resulting in it being forbidden set me on the right track to solve this.遵循我“没有明确允许/ ”的提示,导致它被禁止让我走上解决这个问题的正确轨道。 Adding a LocationMatch directive that deals with the trailing slash exclusively results in the desired behaviour:添加专门处理尾部斜杠的LocationMatch指令会导致所需的行为:
DocumentRoot /var/www
<Directory "/var/www/">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
# Regex anchored at string beginning and end
# -> only matches "/"
<LocationMatch "^/$">
Require all granted
</LocationMatch>
Note that adding a <Files "/"> directive does not work, probably because the accessed resource is not really a file.请注意,添加<Files "/">指令不起作用,可能是因为访问的资源不是真正的文件。 Neither is <Location /> the right thing, because it would be applied to the entire VirtualHost. <Location />也不是正确的,因为它将应用于整个 VirtualHost。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.