通过 Apache 和 PHP 过滤 Web 文件夹
我正在寻找一种方法来过滤和控制对网站上文件夹的访问。
然而,我想做的是通过 PHP 和 Apache 过滤访问请求,有点像 Java 中实现过滤器的方式。
因此,当用户尝试访问
http://www.mywebsite.example/files/afile 时。 zip
我希望它首先通过 PHP 脚本,以确保用户不会尝试多次下载同一文件,或者正在执行其他可能破坏网站的操作。
这样的事情可能吗?我知道可以简单地将文件移动到文档根目录之上,然后以这种方式提供它们,但我一直在寻找更优雅的东西。
我可以使用 .htaccess 和 mod_rewrite 的任意组合来执行此操作吗?
I'm looking for a way to filter and control access to a folder on a website.
However, what I'd like to do is filter the access requests via PHP and Apache, a little like the way filters are implemented in Java.
So, when a user tries to visit
http://www.mywebsite.example/files/afile.zip
I'd like it first to pass through a PHP script to ensure that the user is not trying to download the same file multiple times, or is doing something else that could break the website.
Is something like this possible? I know it's possible to simply move files above the document root and then serve them that way, but I was looking for something a little more elegant.
Can I use any combination of .htaccess and mod_rewrite to do this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为将文件移动到 Web 根目录之上比使用 mod_rewrite 进行修改更优雅。只是说。它们要么直接提供服务并属于网络根目录,要么不是,因此不属于网络根目录。
无论如何,它是相当容易实现的,在
files/.htaccess
中validate.php
现在应该可以访问$_GET['file']< 中的请求文件名/代码>。
(代码未经测试;如果出现错误请告诉我。mod_rewrite 从来没有那么喜欢我。)
I think moving the files above the web root is more elegant than hacking around with around mod_rewrite. Just saying. They're either directly served and belong in the web root, or they're aren't and therefore don't.
Regardless, it's doable fairly easily, in
files/.htaccess
validate.php
should now have access to the request file name in$_GET['file']
.(Code untested; let me know if you get errors. mod_rewrite never really liked me all that much.)
您可以将类似的内容添加到 .htaccess 中:
这会将文件的所有请求重定向到该脚本。您可以对任何用户数据执行逻辑检查,然后设置标头 Content-Type、文件名,并将文件流读入浏览器。
我需要提到路径(在这种情况下“/files/”不应该存在。您可能实际上希望将文件保留在公共网络之外,并创建指向 /files/NAME.EXT 的所有文件的链接
)该代码仅适用于 ZIP,您可以执行以下两个示例。第一个将仅针对一系列文件扩展名运行。第二个将获取 /files/ 路径之后的任何文件。
第二个:
然后您需要创建一个脚本” phpscript.php”如下:
类似的东西。
You can add something like this into .htaccess:
This will redirect all requests for a file to that script. You can perform logic checking against any user data and then set the header Content-Type, file name, and read the stream of the file into the browser.
I need to mention that the path (in this case "/files/" shouldn't exist. You may want to actually keep the files out of the public web and create links to all the files pointed to /files/NAME.EXT
Lastly that code will only work for ZIP you can do the following two examples. First will will only run against a series of file extensions. Second will take any file after the /files/ path.
Second:
Then you would need to create a script "phpscript.php" that follows:
Something like that.
我会为此使用 mod_rewrite 。
我过去做过类似的事情,用户可以下载视频,但必须确保他们已登录。
事情是这样的:
在我的 video-download.php 的 .htaccess
中,我检查了他们是否已登录,跟踪谁下载了视频等,然后再向他们抛出下载对话框。
就您的情况而言,一旦他们访问此页面,您就想针对他们的会话添加一个计数器,并以此为基础建立您的逻辑。
I would use mod_rewrite for this.
Ive done something like this in the past where users were able to download videos but had to ensure they were logged in.
Went something like this:
in my .htaccess
in my video-download.php I did a check to see if they were logged in, tracked who download the video etc, etc before throwing them the download dialog box.
In your case, soon as they hit this page you want to add a counter against their session and base your logic around that.