[英].htaccess don't allow user to view my folder files that don't have index.php
On my server, I've created a folder that doesn't have an index.php or index.html. 在我的服务器上,我创建了一个没有index.php或index.html的文件夹。
folder1/test.php
folder1/sample.php
folder1/hello.php
When I tried to visit that folder, it shows all the files in there. 当我尝试访问该文件夹时,它会显示其中的所有文件。
That is my concern, it should not show the files in my folder because it is prone to hacking. 这是我的担心,它不应该显示我的文件夹中的文件,因为它很容易被黑客攻击。 It should display a page like a 403 Forbidden.
它应该显示像403 Forbidden这样的页面。 I don't want to used an index.php just to redirect them to somewhere.
我不想只使用index.php将它们重定向到某个地方。
I heard that this involves .htaccess and this is a smart thing to do. 我听说这涉及.htaccess,这是一个聪明的事情。
Kindly teach me how to do it. 请教我如何做到这一点。
In a .htaccess
file in your document root... 在文档根目录中的
.htaccess
文件中...
Options -Indexes
See http://httpd.apache.org/docs/2.2/mod/core.html#options 请参见http://httpd.apache.org/docs/2.2/mod/core.html#options
That is called directory listing. 这称为目录列表。 You have to add a file named
.htaccess
in folder1 and add the following line to it 您必须在folder1中添加名为
.htaccess
的文件,并向其添加以下行
IndexIgnore *
to prevent directory listing to list any files. 防止目录列表列出任何文件。
What you are referring to is called 'Directory Browsing' and is a bad thing, usually. 您所指的是“目录浏览”,通常是一件坏事。 To prevent directory browsing, create or modify a .htaccess file in the root of your site.
要防止目录浏览,请在站点的根目录中创建或修改.htaccess文件。
If you create an .htaccess file, place this line inside of it: 如果您创建.htaccess文件,请将此行放在其中:
Options All -Indexes
If modifying, look for 如果修改,请寻找
Options All +Indexes
选项全部+索引
and change it to Options All -Indexes
并将其更改为
Options All -Indexes
If you do not see an Indexes directive, add the line from option 1. That should do it. 如果您没有看到Indexes指令,请添加选项1中的行。应该这样做。
Yes, you can put: 是的,你可以把:
Options -Indexes
Or this: 或这个:
IndexIngnore *
But for the .htaccess to be honored you have to put something simlar to: 但是要让.htaccess获得荣誉,你必须把类似的东西放到:
AllowOverride All
In the httpd.conf or similar in your server configuration 在httpd.conf或类似的服务器配置中
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.