拒绝使用PHP访问某些文件夹
[英]deny access to certain folder using php
问题描述
Is it possible to "deny from all" apache htaccess style using php. 
是否有可能使用php“拒绝所有人”的apache htaccess样式。
I can't use htaccess because im using different webserver, so i wan't to use php to workaround it. 我不能使用htaccess,因为即时通讯使用的是不同的网络服务器,所以我不会使用php来解决它。
So let say user are trying to access folder name 'david', all content and subdirectory are denied from viewing. 因此,假设用户尝试访问文件夹名称“ david”,则拒绝查看所有内容和子目录。
4 个解决方案
解决方案1
3 2010-03-18 05:00:28
No 没有
PHP cannot be used to protect folders. PHP不能用于保护文件夹。
Because it is not PHP who serves requests, but a web server 因为服务请求的不是PHP,而是Web服务器
You can move this catalog above Document Root to prevent web access to it. 您可以将此目录移到“文档根目录”上方,以防止对其进行Web访问。
But premissions will help you nothing 但是低调不会帮助你
解决方案2
1 2010-03-18 04:59:01
解决方案3
1 2010-03-18 05:21:20
If you just want to prevent indexing the folder, you can create an index.php file that does a simple redirection. 如果只想防止对该文件夹建立索引,则可以创建一个执行简单重定向的index.php文件。 Note: Requests that have a valid filename will still be let through. 注意:具有有效文件名的请求仍将被允许通过。
<?php
header("Location: /"); // redirect user to root directory
解决方案4
0 已采纳 2010-03-18 05:49:44
Without cooperation from the webserver the only way to protect your files is 没有网络服务器的合作 ,保护文件的唯一方法是
to encrypt them , in an archive, maybe, of which your script would know the password and tell no one - that will end up wasting cpu as the server will be decrypting it all the time, or
加密它们 ,也许是在存档中, 您的脚本可能会知道该密码并且不告诉任何人 -这最终会浪费cpu,因为服务器将一直对其进行解密,或者 to use an incredibly deranged file naming scheme , a file naming scheme you won't ever describe to anyone, and that only your php script can sort trough.
使用难以置信的混乱文件命名方案 ,这是您永远不会描述给任何人的文件命名方案,并且只有您的php脚本才能进行排序。
Still data could be downloaded, bandwidth go to waste and encrypted files decrypted. 仍然可以下载数据,浪费带宽,解密加密文件。
It all depends on how much that data matters. 这完全取决于数据的重要性。 And how much your time costs, as these convoluted layers of somewhat penetrable obfuscation will likely eat huge chunks of developer time. 以及花费多少时间, 因为这些令人费解的混淆层错综复杂,可能会占用开发人员大量时间。
Now, as I said... that would be without cooperation from the webserver ... but what if the webserver is cooperating and doesn't know? 现在,就像我说的那样……如果没有网络服务器的合作, ……但是如果网络服务器正在合作并且不知道怎么办?
I've seen some apache webservers, (can anyone confirm it's in the standard distribution?) for instance, come preloaded with a rule denying access to files starting with .ht , not only .htaccess but everything similar: .htproxy, .htcache, .htwhatever_comes_to_mind, .htyourmama... 我已经看到一些apache网络服务器(例如,有人可以确认它是否在标准发行版中吗?)预先装有一条规则 , 该规则拒绝访问以.ht开头的文件 ,不仅是.htaccess而是所有类似的内容: .htproxy, .htcache, .htwhatever_comes_to_mind, .htyourmama...
Chances are your server could be one of those. 您的服务器可能就是其中之一。
If that's the case... rename your hidden files .hthidden-<filename1>,.hthidden-<filename2>... and you'll get access to them only through php file functions, like readfile() 如果是这样的话...将您的隐藏文件重命名为.hthidden-<filename1>,.hthidden-<filename2>... ,您将只能通过php文件功能(如readfile()访问它们
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.