堆栈内存溢出
  简体   繁体   English

.htaccess不允许用户查看没有index.php的文件夹文件

[英].htaccess don't allow user to view my folder files that don't have index.php

 原文  2011-10-21 05:27:33       php/ javascript/ .htaccess

问题描述

On my server, I've created a folder that doesn't have an index.php or index.html. 在我的服务器上,我创建了一个没有index.php或index.html的文件夹。 

folder1/test.php
folder1/sample.php
folder1/hello.php

When I tried to visit that folder, it shows all the files in there. 当我尝试访问该文件夹时,它会显示其中的所有文件。

That is my concern, it should not show the files in my folder because it is prone to hacking. 这是我的担心,它不应该显示我的文件夹中的文件,因为它很容易被黑客攻击。 It should display a page like a 403 Forbidden. 它应该显示像403 Forbidden这样的页面。 I don't want to used an index.php just to redirect them to somewhere. 我不想只使用index.php将它们重定向到某个地方。

I heard that this involves .htaccess and this is a smart thing to do. 我听说这涉及.htaccess,这是一个聪明的事情。

Kindly teach me how to do it. 请教我如何做到这一点。

4 个解决方案

解决方案1
 3 已采纳  2011-10-21 05:31:46

In a .htaccess file in your document root... 在文档根目录中的.htaccess文件中... 

Options -Indexes

See http://httpd.apache.org/docs/2.2/mod/core.html#options 请参见http://httpd.apache.org/docs/2.2/mod/core.html#options

解决方案2
 2  2011-10-21 05:32:32

That is called directory listing. 这称为目录列表。 You have to add a file named .htaccess in folder1 and add the following line to it 您必须在folder1中添加名为.htaccess的文件,并向其添加以下行 

IndexIgnore *

to prevent directory listing to list any files. 防止目录列表列出任何文件。

解决方案3
 1  2011-10-21 05:32:21

What you are referring to is called 'Directory Browsing' and is a bad thing, usually. 您所指的是“目录浏览”,通常是一件坏事。 To prevent directory browsing, create or modify a .htaccess file in the root of your site. 要防止目录浏览,请在站点的根目录中创建或修改.htaccess文件。

If you create an .htaccess file, place this line inside of it: 如果您创建.htaccess文件,请将此行放在其中: 

 Options All -Indexes

If modifying, look for 如果修改,请寻找

Options All +Indexes 选项全部+索引

and change it to Options All -Indexes 并将其更改为Options All -Indexes

If you do not see an Indexes directive, add the line from option 1. That should do it. 如果您没有看到Indexes指令,请添加选项1中的行。应该这样做。

解决方案4
 1  2011-10-21 05:34:08

Yes, you can put: 是的,你可以把: 

Options -Indexes

Or this: 或这个: 

IndexIngnore *

But for the .htaccess to be honored you have to put something simlar to: 但是要让.htaccess获得荣誉,你必须把类似的东西放到: 

AllowOverride All

In the httpd.conf or similar in your server configuration 在httpd.conf或类似的服务器配置中

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 .htaccess 文件从 url 中删除 index.php 时,我无法使用 Codeigniter 4 访问“/public/assets” - I don't have access to '/public/assets' using Codeigniter 4 when removing index.php from url using a .htaccess file Nginx 将所有流量重定向到 index.php,但不允许任意文件访问 - Nginx redirect all traffic to index.php, but don't allow arbitrary file access PHP-不计算index.php中的用户 - PHP - Don't Count Users from index.php HTTPS错误-您无权访问此服务器上的/index.php - HTTPS error - You don't have permission to access /index.php on this server 403:您无权访问此服务器上的/index.php - 403:You don't have permission to access /index.php on this server URL重写:将HTTP请求中不存在的源文件包含到“ index.php”中 - URL rewriting : including source files to “index.php” from HTTP requests which don't really exist 如果index.php之后&存在,则不要替换链接?a = 2 - Don't replace link if & exist after index.php?a=2 nginx重定向到尾部斜杠,并替换为index.php(如果文件和文件夹不存在) - nginx redirect to trailing slashes and substitude to index.php (if files and folders don't exists) WordPress不显示| 在里面 <title> index.php上的属性 - Wordpress don't show | in the <title> attribute on the index.php 浏览器缓存,index.php不再存在 - Browser cache, index.php don't exists any more
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM