堆栈内存溢出
  简体   繁体   English

使用Apache拒绝除索引以外的所有文件

[英]Deny all files except the index using apache

 原文  2011-10-31 16:11:49       php/ .htaccess/ indexing

问题描述

Here's my .htaccess 这是我的.htaccess 

<Files *>
  Order Deny,Allow
  Deny from all
</Files>

<Files index.php>
  Order Deny,Allow
  Allow from all
</Files>

This is not working, cause if I type the hostname in my browser, it serves the index.php but apache doesn't seem to apply the Files instructions and instead returns a non-allowed file access page, I need typing the fullname document (eg 'index.php') to make it work. 这是行不通的,因为如果我在浏览器中输入主机名,它将提供index.php,但是apache似乎没有应用“文件”指令,而是返回了不允许的文件访问页面,我需要输入全名文档(例如“ index.php”)以使其正常工作。 which is not really convenient... 这不是很方便...

how to proceed if I want users only access index files of each folder in my website ? 如果我希望用户仅访问网站中每个文件夹的索引文件,该如何进行? all the other files are just script inclusions so i believe i'm doing right trying to make them inaccessible from the web (or maybe not, if only you have one reason to prove the other case). 所有其他文件都只是脚本包含的内容,因此我相信我正在做正确的尝试,以使它们无法从Web上访问(或者,如果您只有一个理由来证明另一种情况,也许不能)。

Regardless the question above, is it the right way to do the job ? 不管上面的问题,这是正确的方法吗? (I think the two directives here are not neat but it's the only way, well almost the only way that I know to avoid accesses to files). (我认为这里的两个指令并非整齐,但这是避免访问文件的唯一方法,几乎​​是我所知道的唯一方法)。

2 个解决方案

解决方案1
 1  2011-10-31 16:58:45

Not exactly sure why you need to do this, but you can use mod_setenvif (no need to wrap this inside a <Files> ) 不确定是否需要这样做,但是可以使用mod_setenvif (无需将其包装在<Files> 

SetEnvIf Request_URI ^/index.php$ index
Order Allow,Deny
Allow from env=index

This will cause access to hostname.com/ to 403 but allow hostname.com/index.php. 这将导致对hostname.com/的访问达到403,但允许hostname.com/index.php。 If you want to allow / as well, just add 如果您也想允许/,只需添加 

SetEnvIf Request_URI ^/$ index

to the top. 到顶部。 Of course, all this will make it so anything that index.php links to will also return a 403. 当然,所有这些将使index.php链接到的任何内容也将返回403。

解决方案2
 0  2015-03-29 08:00:09

<Files *?>
    Order deny,allow
    Deny from all
</Files>

You just need to add a question mark to match at least one character. 您只需要添加一个问号即可匹配至少一个字符。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 .htaccess拒绝除索引以外的所有php文件 - .htaccess deny php files from all except index 拒绝直接访问除index.php之外的所有.php文件 - Deny direct access to all .php files except index.php 除了现有文件和文件夹之外,Apache将all重定向到index.php - Apache redirect all to index.php except for existing files and folders .htaccess全部拒绝,重定向到404页面,除了2个文件 - .htaccess deny from all, redirect to 404 page and except for 2 files 拒绝访问子目录中除一个文件以外的所有文件 - Deny access to all files except one from subdirectory 拒绝访问除程序以外的文件? - Deny access to files except program? Nginx - 阻止除 index 之外的所有 *.php 文件 - Nginx - block all *.php files except index 使用apache / php拒绝直接访问文件夹中的任何文件 - Deny direct access to any files in a folder using apache/php 拒绝直接访问除具有get参数的一个PRETTY URL以外的所有文件 - Deny direct access to all files except one PRETTY URL with get parameters .htaccess拒绝除一个具有重写规则的文件以外的所有文件 - .htaccess deny all files except one file which has a rewrite rule
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM