[英]Deny access to files inside folder but allow a REST API
I am using this .htaccess
to simulate a folder full of files (a simple REST API):我正在使用这个
.htaccess
来模拟一个充满文件的文件夹(一个简单的 REST API):
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule files/(.*)$ api.php?file=$1 [QSA,NC,L]
Let's call this folder magicfolder
where I am using this .htaccess
file.让我们将此文件夹
magicfolder
,我正在使用此.htaccess
文件。 In fact, there is only api.php
that is creating every file that is requested.事实上,只有
api.php
正在创建每个请求的文件。 So, an url like mysite.com/magicfolder/files/image.jpg
is converted into mysite.com/magicfolder/api.php?file=image.jpg
.因此,像
mysite.com/magicfolder/files/image.jpg
这样的 url 被转换为mysite.com/magicfolder/api.php?file=image.jpg
。 This is great.这很棒。 But I want also to add some rules that makes any real file that exists in
magicfolder
(logs and even api.php
) to be inaccessible for users.但我还想添加一些规则,使用户无法访问
magicfolder
(日志甚至api.php
)中存在的任何真实文件。
With your shown samples, could you please try following.使用您显示的示例,您能否尝试以下操作。 Please clear your browser cache before testing your URLs.
请在测试您的 URL 之前清除您的浏览器缓存。 Make sure your htaccess rules file is present inside magicfolder folder.
确保您的 htaccess 规则文件存在于 magicfolder 文件夹中。
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^files/(.*)/?$ api.php?file=$1 [QSA,NC,L]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.