如何允许服务器访问文件但不允许用户访问?
我有一个目录,里面有一堆文件&我不希望任何人能够通过获取目录列表或猜测文件位置来访问这些文件。输入....它不应该允许他们下载它。
我通过将以下内容放入 .htaccess 文件中来完成此操作:
Options -Indexes
Order Allow,Deny
Deny from all
但是,我希望用户只有在通过脚本(位于不同的目录中)访问该文件时才能下载该文件,该脚本将为他们提供下载。目前,上述设置不起作用。
我想放一些类似..
Allow from domain.com
但我不是100%确定这意味着什么?是否检查请求来自何处?因此,如果服务器请求访问该目录,它会起作用吗? ...或者它仍然无法工作,因为用户仍在通过其他脚本使用域来访问目录?
I have a directory with a bunch of files in it & I don't want anybody to be able to access these files by either getting a directory listing or by guessing the file location & typing it in.... it should NOT allow them to download it.
I accomplished this by putting the below in my .htaccess file:
Options -Indexes
Order Allow,Deny
Deny from all
However, I want the user to be able to download the file ONLY IF they access it via a script (which is in a different directory) which will give them the download. At the moment with the above settings it doesn't work.
I thought of putting something like..
Allow from domain.com
But I'm not 100% sure what that means? Does that check where the REQUEST is coming from & hence it would work if the server requests access to that dir? ...or would it still not work as the user is still using the domain via the other script to access the dir?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您使用“脚本”转储文件,则可以将文件存储在文档根目录之外。所以你不需要 htacces 文件。
也许这是一个更好的解决方法。
If you dump the files with an "script" you can store your files outside the documentroot. So you need no htacces file.
Perhaps this is a better workaround.
一种方法是当用户尝试访问本例中
sec_files文件夹内的可下载文件时,将用户重定向到您的主页。当我的一位客户购买了 Codecanyon 产品的安全下载链接并要求提供一种解决方案来保护包含图像或可下载的文件夹时,我对此进行了研究。
.htaccess 代码如下。此 .htaccess 文件放置在
sec_files即可下载文件文件夹中。了解当您访问此处时它的工作原理,它会将您重定向到主页,但是当您通过 PHP 脚本此处访问它时,它会让您下载相同的文件。
One way is to redirect the user say to your home page when they try to access your downloadable files inside the folder
sec_filesin this example.I researched on this when one of my clients who purchased secure download links a codecanyon product asked for a solution to protect a folder that contained images or downloadable.
the .htaccess code is below. this .htaccess file is placed inside the
sec_filesi.e downloadable files folder.See how it works when you access here, it will redirect you to home page but when you access it through a php script here it will let you download the same files.