使用 htaccess 允许拒绝 php 包括但不包括互联网用户
[英]Using htaccess to allow deny php includes but not internet users
问题描述
Is it possible to set the .htaccess file to deny all users but allow includes such as PHP functions or CSS?
是否可以将 .htaccess 文件设置为拒绝所有用户但允许包含诸如 PHP 功能或 CSS 之类的内容?
Thanks谢谢
2 个解决方案
解决方案1
3 已采纳 2011-06-29 23:44:43
Yes, that's one of the most popular uses of the .htaccess file.是的,这是 .htaccess 文件最流行的用途之一。 Set up .htaccess to deny all.将 .htaccess 设置为全部拒绝。 Nobody can download the pages in that directory, but you can include php files from this directory in your other directories.没有人可以下载该目录中的页面,但您可以在其他目录中包含此目录中的 php 文件。 You can't really host css files in the directory and then deny all, because the user has to download these directly.您不能真正在目录中托管 css 文件然后全部拒绝,因为用户必须直接下载这些文件。 Same goes for images and javascript files.图像和 javascript 文件也是如此。 Basically, anything the client has to read shouldn't go in a "deny-all" directory, but stuff that only needs to be read by the server, like php includes are fine.基本上,客户端必须读取的任何内容都不应该 go 在“全部拒绝”目录中,而是只需要由服务器读取的内容,例如 php 包含的内容都可以。
解决方案2
1 2011-06-29 23:52:32
If you don't want something to be downloadable, then don't put it into a public-facing directory.如果您不希望某些内容可下载,请不要将其放入面向公众的目录中。 Put those files in a different directory outside the webroot.将这些文件放在 webroot 之外的不同目录中。
This way they don't get exposed if the .htaccess gets disabled somehow.这样,如果 .htaccess 以某种方式被禁用,它们就不会暴露。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.