拒绝访问文件夹内的文件,但允许 REST API
[英]Deny access to files inside folder but allow a REST API
问题描述
I am using this .htaccess to simulate a folder full of files (a simple REST API):
我正在使用这个.htaccess来模拟一个充满文件的文件夹(一个简单的 REST API):
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule files/(.*)$ api.php?file=$1 [QSA,NC,L]
Let's call this folder magicfolder where I am using this .htaccess file.让我们将此文件夹magicfolder ,我正在使用此.htaccess文件。 In fact, there is only api.php that is creating every file that is requested.事实上,只有api.php正在创建每个请求的文件。 So, an url like mysite.com/magicfolder/files/image.jpg is converted into mysite.com/magicfolder/api.php?file=image.jpg .因此,像mysite.com/magicfolder/files/image.jpg这样的 url 被转换为mysite.com/magicfolder/api.php?file=image.jpg 。 This is great.这很棒。 But I want also to add some rules that makes any real file that exists in magicfolder (logs and even api.php ) to be inaccessible for users.但我还想添加一些规则,使用户无法访问magicfolder (日志甚至api.php )中存在的任何真实文件。
1 个解决方案
解决方案1
2 已采纳 2021-05-25 15:58:39
With your shown samples, could you please try following.使用您显示的示例,您能否尝试以下操作。 Please clear your browser cache before testing your URLs.请在测试您的 URL 之前清除您的浏览器缓存。 Make sure your htaccess rules file is present inside magicfolder folder.确保您的 htaccess 规则文件存在于 magicfolder 文件夹中。
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^files/(.*)/?$ api.php?file=$1 [QSA,NC,L]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.