htaccess 允许通过扩展名访问文件吗?
我看到几个 htaccess 示例禁用某些文件访问:
<Files ~ "\.(js|sql)$">
order deny,allow
deny from all
</Files>
例如,这会阻止访问所有 .JS 和 .SQL 文件,而其他文件则被启用。我想要相反!我希望启用这些文件,并阻止所有其他文件。如何实现这一目标?
I saw several htaccess example disabling some files to access:
<Files ~ "\.(js|sql)$">
order deny,allow
deny from all
</Files>
for example, this prevents to access all .JS and .SQL files, the others are enabled. I want the contrary! I want those files to be ENABLED, all others to be prevented. How to achieve this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
沃拉普萨克的回答几乎是正确的。实际上,
您需要顶部的 order 指令(并且您不需要其他任何内容)。
有趣的是,我们似乎不能直接否定 FilesMatch 中的正则表达式,这很奇怪,尤其是因为“!”不会导致服务器错误或任何问题。嗯,呃。
和一些解释:
顺序原因告诉服务器其预期的默认行为。告诉
服务器首先处理“允许”指令:如果请求与任何允许指令匹配,则将其标记为正常。然后评估“拒绝”指令:如果请求与任何拒绝指令匹配,则该请求将被拒绝(无论第一遍是否允许)。如果未找到匹配项,则该文件将被拒绝。
该指令的
工作方式相反:首先服务器处理“拒绝”指令:如果请求匹配,则将其标记为被拒绝。然后评估“allow”指令:如果请求与允许指令匹配,则允许该请求进入,即使它之前与拒绝指令匹配。如果请求没有匹配任何内容,则允许该文件。
在这种特定情况下,服务器首先尝试匹配允许指令:它发现允许 js 和 sql 文件,因此对 foo.js 的请求会通过;对 bar.php 的请求与指令不匹配,因此被拒绝。
如果我们将指令交换为“order Deny,allow”,那么 foo.js 将通过(因为是 js),并且 bar.php 也会通过,因为它不匹配任何模式。
哦,还有一件事:部分(即和)中的指令总是在 .htaccess 文件的主体之后进行评估,覆盖它。这就是为什么 Vorapsak 的解决方案没有按预期工作的原因:主 .htaccess 拒绝了请求,然后 <<文件>订单已处理,并且允许请求。
Htaccess 是最糟糕的魔法,但它是有逻辑的。
Vorapsak's answer is almost correct. It's actually
You need the order directive at the top (and you don't need anything else).
The interesting thing is, it seems we can't just negate the regex in FilesMatch, which is... weird, especially since the "!" causes no server errors or anything. Well, duh.
and a bit of explanation:
The order cause tells the server about its expected default behaviour. The
tells the server to process the "allow" directives first: if a request matches any allow directive, it's marked as okay. Then the "deny" directives are evaulated: if a request matches any deny directives, it's denied (it doesn't matter if it was allowed in the first pass). If no matches were found, the file is denied.
The directive
works the opposite way: first the server processes the "deny" directives: if a request matches, it's marked to be denied. Then the "allow" directives are evaulated: if a request matches an allow directive, it's allowed in, even if it matches a deny directive earlier. If a request matches nothing, the file is allowed.
In this specific case, the server first tries to match the allow directives: it sees that js and sql files are allowed, so a request to foo.js goes through; a request to bar.php matches no directives, so it's denied.
If we swap the directive to "order deny,allow", then foo.js will go through (for being a js), and bar.php will also go through, as it matches no patterns.
oh and, one more thing: directives in a section (i.e. < Files> and < Directory>) are always evaulated after the main body of the .htaccess file, overwriting it. That's why Vorapsak's solution did not work as inteded: the main .htaccess denied the request, then the < Files> order was processed, and it allowed the request.
Htaccess is magic of the worst kind, but there's logic to it.
您是否尝试在
标签之前设置外部(之前),然后将其更改
为
内部?像这样的东西
Did you try setting a
outside (before) the tag, then changing the
to
inside? Something like
如果您的网站遇到问题,请使用此 htaccess 代码。它解决了您可能遇到的所有错误
如果对你有帮助,别忘了点赞!!!
if you are having trouble with your website, use this htaccess code. It solves all error you may likely encounter
If this help you, don't forget to thump up!!!