I just wanna protect my assets folder in client side. All of my files can access public. I wanna protect it. I have rules .htaccess
like below, any wrong rules there?
RewriteEngine on
RewriteCond $1 !^(index\.php|assets|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
You can do two things
.htaccess
(Not Tested)index.html
add .htaccess
inside the assets folder
<IfModule authz_core_module>
Require all denied
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
Create index.html
file inside the directory and add this
<!DOCTYPE html>
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>
When some one access outside you get this on browser
Directory access is forbidden.
Create a helper to access these 'assets'. And allow requests to these files only from your server. That's one way to solve this.
You can protect your assets
or files folder similarly as CI
protects its application file. Simply copy .htaccess
file and index.html
file from application and paste it to your assets file.
I had this same issue, My front assests folder was directly through URL. Add a empty index.php file in your folders and it will solve the problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.