我想阻止人们直接使用 .htaccess 访问我的 php 页面
我有一个由 php 页面组成的网站,但它们是根据我认为用户需要的内容通过包含内容提供给用户的。如果他们能猜出 php 文件的名称,他们就可以访问这些页面。虽然这根本不是安全风险,但我宁愿有一种方法来捕获它并将它们重定向到其他地方。
我真的希望所有内容都通过索引页,除非它是一个存在的文件(任何以 .php 结尾的文件除外)。
我尝试了这个,没有用:
RewriteEngine on
RewriteCond %{REQUEST_URI} !(.*\.php$) [NC]
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteRule .* /n/index.php [NC]
I have a site that is made up of php pages, but they are served to the user through includes based on what I think they need. if they can guess the name of a php file, they can access those pages. while this is not a security risk at all, i would rather have a way to catch this and redirect them to somewhere else.
i really want everything to go through the index page unless it is a file that exists (exeption being for any file ending with .php).
I tried this, didnt work:
RewriteEngine on
RewriteCond %{REQUEST_URI} !(.*\.php$) [NC]
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteRule .* /n/index.php [NC]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
也许您可以将 php 文件放在 Web 路径之外的目录中?
Maybe you can put the php files in a directory outside the web path?
处理这个问题的一种方法是在页面中定义一个常量,执行以下操作:
然后在每个包含文件的开头:
这是许多框架和 CMS 处理此问题的方式(我突然想到,Joomla! 和 CodeIgniter) ) - 您不需要搞乱 .htaccess,它也可以跨各种托管平台工作。
One way to handle this would be to define a constant in the page doing the including:
Then at the start of each included file:
This is the way many frameworks and CMS handle this issue (off the top of my head, Joomla! and CodeIgniter) - you don't need to mess about with .htaccess, and it will also work across various hosting platforms.
我认为这样的事情对你有用:
I think something like this will work for you:
这对我有用,看起来它应该做你想要的。不过,将您不想直接访问的脚本放在 Web 路径之外是更好的答案 - 它不需要特殊规则(稍后可能会破坏并需要更改)也不需要扩展。
This works for me, and looks like it should do what you want. Putting the scripts you don't want direct access to outside of the web path is the better answer though - it doesn't require special rules (that may later break and require changing) nor extensions.