.htaccess 阻止外界执行 php 脚本的权限
我正在建立一个新网站,目前如果我转到 mydomian/php/someScript.php ,它将执行 php 脚本。如何让包含此内容的文件仍然包含此内容,但不允许其他人从浏览器执行这些脚本。目前我的 .htaccess 文件中有这个:
deny from all
但是当我访问该网站时,会向该文件夹中的脚本发出 AJAX post 请求,并返回 403 错误。
欢迎任何关于如何实现这一目标的想法。
====编辑====
为了清楚起见,php 目录中的某些文件是由 AJAX 请求的,我现在已经意识到这些文件不能具有所需的权限。但是我仍然想将这些权限放在该目录中的其他文件上
谢谢
I am setting up a new website and currently if I go to mydomian/php/someScript.php it will execute the php script. How can I let the files that include this still include this but not let anyone else execute these scripts from the browser. Currently I have this in my .htaccess file:
deny from all
but when I visit the site a AJAX post request is made to a script in this folder and is getting back a 403 error.
Any ideas on how to achieve this are welcome.
====EDIT====
for clarity, some files in the php directory are requested by AJAX and I've now been made aware that these files cant have the desired permissions. However I would still like to put these permissions on the other files in this directory
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
最好的解决方案是尽可能将它们放在 Web 根目录之外,这样您可以包含它们,但 Web 服务器无法为它们提供服务,在这种情况下根本不需要配置。
编辑:我注意到您希望允许通过 AJAX 访问脚本。没有办法做到这一点,因为没有办法可靠地区分 AJAX 请求或其他类型的 HTTP 请求。
The best solution is to put them outside of the web root directory if at all possible, that way you can include them but the web server can't serve them, no configuration is required at all in this case.
EDIT: I noticed you want to allow access to the scripts by AJAX. There is no way of doing this as there's no way of telling the difference between an AJAX request or other types of HTTP request with any reliability.
您仍然可以从 php 包含这些文件,例如使用
include或require。通过 AJAX 调用它与通过在浏览器中输入 URL 来调用它没有什么不同 - 即您不能阻止直接访问但允许 AJAX 访问。
You can still include those files from php, e.g. using
includeorrequire.Calling it via AJAX is not different from calling it by entering the URL in the browser - i.e. you cannot block direct access but allow AJAX access.