堆栈内存溢出
  简体   繁体   English

PHP / Apache拒绝文件夹访问用户但不访问脚本

[英]PHP/Apache Deny folder access to user but not to script

 原文  2010-04-19 13:49:34       php/ apache/ download/ file-permissions

问题描述

So I have this php web app, and one of my folder contains some files that can be downloaded. 所以我有这个php web应用程序,我的一个文件夹包含一些可以下载的文件。

I have a download script that modifies the headers, in order to always offer a download link. 我有一个修改标题的下载脚本,以便始终提供下载链接。 (instead of showing a picture for example, when you click on a link, a download box pops out) (而不是显示图片,例如,当您点击链接时,会弹出一个下载框)

Right now, if you enter a url like: http://www.mywebsite.com/content/ You get the listing of all the downloadable files, and of course, you can just download them all, without going through the website interface. 现在,如果您输入以下网址: http//www.mywebsite.com/content/您将获得所有可下载文件的列表,当然,您只需下载所有文件,无需通过网站界面。

Personally, I don't think it's a problem, since I often use downthemall or other downloading tool, and this type of access is a great time saver.... 就个人而言,我不认为这是一个问题,因为我经常使用downthemall或其他下载工具,这种类型的访问是一个很好的节省时间....

But of course my company does not think so :-p They want people to use the interface in order to view the Ads... 但当然我的公司不这么认为:-p他们希望人们使用界面来查看广告......

Would they be a way, maybe with a protected .htaccess, to leave the folder access to my download script, but deny access to the users...? 他们是一种方式,也许是受保护的.htaccess,让文件夹访问我的下载脚本,但拒绝访问用户......?

I hope I am making sense and you know what I mean :) 我希望我有意义,你知道我的意思:)

All help/remarks appreciated! 所有帮助/评论赞赏!

4 个解决方案

解决方案1
 6  2010-04-19 13:53:26

Move the folder out of the webserver's root directory so that apache will not server files from that directory at all. 将文件夹移出Web服务器的根目录,以便apache根本不会从该目录服务文件。 You can still include files from the folder if it is readable by the apache/http user, but your site users won't be able to access it from any url. 如果apache / http用户可以读取该文件夹,您仍然可以包含该文件夹中的文件,但您的站点用户将无法从任何URL访问该文件。

解决方案2
 4 已采纳  2010-04-19 14:03:52

You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory. 您可以创建.htaccess文件并输入Options -Indexes这将禁用目录中文件的列表。

If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site. 如果您还需要来自您网站的流量,您需要创建一个文件说... index.php ,其代码检查$_SERVER['HTTP_REFERER']以查看流量​​是否来自您的网站。

EDIT 编辑

Oh I forgot you can actually fix it all in the .htaccess: 哦,我忘了你实际上可以在.htaccess中修复它: 

Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]

This will do all the work of the script I suggested, so you won't need it anymore. 这将完成我建议的脚本的所有工作,因此您将不再需要它。

解决方案3
 1  2010-04-19 13:53:08

Yes, this is correct. 是的,这是正确的。 .access files block access to the users, but has no influence on local serverscripts. .access文件阻止对用户的访问,但对本地服务器脚本没有影响。

解决方案4
 0  2010-04-19 13:59:06

Deny from all

.htaccess或移动文件根目录上方的文件

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用apache / php拒绝直接访问文件夹中的任何文件 - Deny direct access to any files in a folder using apache/php 如何拒绝用户访问,但从.htaccess启用php脚本 - how to deny access to user but enable to php script from .htaccess 拒绝使用PHP访问某些文件夹 - deny access to certain folder using php 拒绝php应用程序中IIS 7中特定文件夹的访问 - Deny access on particular folder in IIS 7 in php application 拒绝php脚本访问父目录 - Deny php script to access parent directories 拒绝直接访问文件夹或文件,但允许index.php访问它 - Deny direct access to a folder or file, but allow index.php to access it 直接拒绝访问文件夹 - Deny access to folder directly 如何拒绝对Apache / PHP的整个计算机文件系统的访问? - How to deny access to whole computer file system for Apache/PHP? htaccess-拒绝php文件访问,但允许特定文件夹 - htaccess - Deny php file access but allow a specific folder 拒绝直接访问 php web 文件夹中的 PDF 文件 - Deny direct access to PDF files in php web folder
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM