Apache 配置:正则表达式禁止访问以点开头的文件/目录
我想禁止访问名称以点开头的任何文件或目录。我想出了以下方法,但只有当它们直接位于文档根目录中时,它才会禁用对以 DOT 开头的文件/目录的访问。
<Files ~ "^\.|\/\.">
Order allow,deny
Deny from all
</Files>
有了这个,
http://my_server.com/.svn/entries --> Permission denied
http://my_server.com/abcd/.svn/entries --> Accessible, should be disabled
实现这个目标的正确正则表达式是什么?
I want to disable access to any file OR directory, whose name begins with a DOT. I came up with the following, but it disables access to files/directories beginning with DOT only if they are directly in the Document root.
<Files ~ "^\.|\/\.">
Order allow,deny
Deny from all
</Files>
With this,
http://my_server.com/.svn/entries --> Permission denied
http://my_server.com/abcd/.svn/entries --> Accessible, should be disabled
Whats the proper regex to achieve this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您的代码不起作用,因为
Apache 在默认安装中阻止
.htaccess文件(更好:所有以.ht开头的文件)。如果仔细查看配置文件,您会看到类似这样的内容:因此,要隐藏以点开头的所有文件,您可以使用:
为了使其适用于以点开头的目录,请使用以下(经过测试的)代码:
You code does not work because
<Files>only applies to the basename of the requested document. That is, the part after the last slash. (source: http://httpd.apache.org/docs/current/mod/core.html#files)Apache blocks
.htaccessfiles in a default installation (better: all files starting with.ht). If you looked closely at the configuration files, you would see something like this:So to hide all files starting with a dot, you would use:
In order to make it work for directories starting with a dot, use the following (tested) code:
这将拒绝查看任何以点开头的文件或目录。
它影响路径树中的任何级别。
末尾的 [F] 修饰符表示禁止访问(不需要 L 修饰符来表示这是要应用的最后一条规则,默认情况下是隐含的)。
正则表达式有两个部分(其中任何一个都允许匹配,不需要两者都匹配):
第一部分匹配以点开头的任何内容(对于在每个目录的 .htaccess 文件中使用它时的情况,将不会有我们匹配的字符串开头的斜杠):
例如,这适用于
.test、.git/HEAD但不适用于
/.git、path/.hidden。第二部分匹配任何包含斜杠后跟点的内容。如果您在 VirtualHost 或 side-wide Apache 配置中具有此规则,则这非常有用,在这种情况下,我们匹配的大小写字符串可能以斜杠开头。
此规则将匹配:
/.git、some/.hidden此规则将不匹配:
.git、.hidden当我们将这两个规则结合起来时,似乎我们涵盖了所有可能的情况。
This will deny from viewing any files or directories beginning with dot.
It affects any level in the paths tree.
[F] modifier at the end says to forbid access (no need for L modifier to say that it is Last rule to apply, it is implied by default).
The regular expression has two parts (any of them allowed to match, not required to be both):
The first part matches anything that starts from dot (for the case when you use it in per-directory .htaccess file and there will be no slash at the start of string we are matching on):
For example, this will work for
.test,.git/HEADbut will not work for
/.git,path/.hidden.The second part matches anything that contains slash followed by dot. This is useful if you have this rule in VirtualHost or in side-wide Apache configuration, in which a case string we match may begin with slash.
This rule will match:
/.git,some/.hiddenThis rule will not match:
.git,.hiddenWhen we combine these both rules, it seems that we cover all possible cases.
这对我来说非常有效(Apache 2.4):
拒绝任何包含以点开头的组件(文件或目录)的 URL。
This works perfectly for me (Apache 2.4):
Denies any URL that contains a component beginning with a dot (file or directory).
使用重写模式:
每个以点开头的文件或目录将被重定向到 404。
With rewrite mod:
Every file or dir who begin with a dot will be redirected to 404.