使用 .htaccess 拒绝直接请求

发布于 2024-09-26 04:48:49 字数 356 浏览 5 评论 0原文

有什么方法可以使用 .htaccess 拒绝对我网站特定部分的直接请求,例如 www.example.com/XXXXXX

我只想允许 Referer 仅对 XXXXXX。我知道我必须以某种方式使用 HTTP_REFERER 来实现我的目标,但目前我正在使用其他 .htaccess 规则,并且不确定如何将所有规则组合在一起。这就是我现在在 .htaccess 中的内容

选项+FollowSymlinks RewriteEngine 在 RewriteCond %{REQUEST_FILENAME} 上!-f 重写规则 ^([^/]+)$ /index.php?page=$1 [QSA,L]

Is there any way to use .htaccess to deny direct Request to a specific part of my website e.g. www.example.com/XXXXX

I only want to allow Referer only to XXXXXX. I know that I have to use HTTP_REFERER somehow to accomplish my goal but currently I am using other .htaccess rules and not sure how to combine all rules together. This is what I have right now in my .htaccess

Options +FollowSymlinks RewriteEngine
on RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)$
/index.php?page=$1 [QSA,L]

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

多彩岁月 2024-10-03 04:48:49

首先,我不确定我是否正确理解你的问题,但无论如何我都会尝试一下。

目前您拥有:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA,L]

您还需要的是:

RewriteCond %{REQUEST_FILENAME}   -d
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]

.htaccess RewriteRule 按其出现的顺序进行检查,因此您可能想做这样的事情,尽管我立场正确,因为还没有' t 有机会检查它是否有效:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA]
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]

也就是说,首先检查它是否是一个名为 index.php 的参数文件,该文件应该被重写,如果不是(没有 L 标志),则继续下一个规则首先获取新条件,然后如果规则有效,则限制访问(抛出 HTTP 403)。

这有道理吗?
无论如何,请尝试上面的 .htaccess 示例,因为正如我所说,我无法测试它。

First of, am not sure i understand correctly your question, but i give it a try anyway.

Currently you have:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA,L]

What you'd need in addition is:

RewriteCond %{REQUEST_FILENAME}   -d
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]

.htaccess RewriteRule's are checked in the order they occur, so you might want to do something like this, although I stand corrected because haven't had a chance to check if it'd work:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^([^/]+)$ /index.php?page=$1 [QSA]
RewriteCond %{HTTP_REFERER} !^http://your-domain\.tld/.*$ [NC]
RewriteRule XXXXXX/(.*)$ - [F,NC,L]

That is, first check if it's an argumented file named index.php which should be rewritten, if not (no L flag), go on for the next rule first grabbing a new condition, then if the rule validates, restrict access (throw HTTP 403).

Does this make sense?
Anyway, please experiment with the above .htaccess example because as I said, I couldn't test it.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文