使用 mod_rewrite 进行文件访问控制
我想限制对 Apache 中文件的访问。 受限文件列表应该是可变的。 如果文件访问受到限制并且未找到特定的 cookie,则用户 应重定向到网站(可以获取 cookie) - 如果找到,文件将被“加载”。
我想用 mod_rewrite 解决这个问题。
我的想法是,将所有请求重定向到 handler.php 脚本。
该“handler.php”查找请求并决定是否允许访问。到这里为止都没问题。
现在的问题是,如果允许访问,则必须加载文件。因此,我不知道 mime、文件大小等。
当然,我可以写一些类似的内容,
if ($ext == '.jpg') header('Content-Type: ...');
但我不想使用这个解决方案,因为我想处理所有可能的文件(png、gif、exe、mp3、zip 等) )。问题是我无法知道所有哑剧类型。
如果我可以调用 Apache(在子请求中)来加载文件(这次没有 handler.php),那就太好了。
就我而言,我不想像 mod_auth 那样严格地保护资源,因为我只想为成熟内容添加免责声明(绘制的艺术品含有血液,对儿童不利)。如果没有找到 cookie,我想显示免责声明,如果有 cookie,我可以显示图片。
I want to limit access to files in Apache.
A list of restricted files should be variable.
If a file access is restricted and a specific cookie is not found, the user
should be redirected to a website (with possibility to aquire the cookie) - if it was found, the file will be "loaded".
I would like to solve this problem with mod_rewrite.
My thought is that I redirect all requests to a handler.php script.
This "handler.php" looks for the request and decides if the access is allowed. No problem until here.
The problem is now, that - if the access is allowed - the file has to be loaded. Therefore, I do not know the mime, filesize etc.
Of couse, I could write something like
if ($ext == '.jpg') header('Content-Type: ...');
But I do not want to use this solution, since I want to process ALL POSSIBLE files (png, gif, exe, mp3, zip, ETC). The problem is that I cannot know all mime types.
It would be great if I could call Apache (in a subrequest) to load the file (this time without the handler.php).
In my case I do not want to protect resources the strict way like mod_auth, since I only want to add a disclaimer to mature content (drawn artwork which contains blood and is not good for children). If a cookie was not found, I would like to show the disclaimer, and if the cookie is there, I can show the picture.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
考虑到您想要阻止对给定路径下所有资源的访问,在我看来,也许 Apache 授权 对您来说是更好的选择。与手动检查每个资源请求的会话相比,这是一个更干净的解决方案,并且您不会遇到您所描述的内容类型处理问题。
修订:
在这种情况下,我建议您研究使用 cookie 和 .htacces。
Considering that you want to block access to all resources under a given path, it seems to me that maybe Apache authorization is the better bet for you. It's a much cleaner solution than manually checking the session on every resource request, and you won't run into the content type handling issues that you're describing.
REVISED:
In that case, I suggest you look into working with cookies and .htacces.