.htaccess 不允许用户查看我的文件夹中没有 index.php 的文件
在我的服务器上,我创建了一个没有index.php 或index.html 的文件夹。
folder1/test.php
folder1/sample.php
folder1/hello.php
当我尝试访问该文件夹时,它显示了其中的所有文件。
这是我担心的,它不应该显示我的文件夹中的文件,因为它很容易被黑客攻击。它应该显示类似 403 Forbidden 的页面。我不想使用index.php 只是将它们重定向到某个地方。
我听说这涉及 .htaccess,这是一个明智的做法。
请教我怎么做。
On my server, I've created a folder that doesn't have an index.php or index.html.
folder1/test.php
folder1/sample.php
folder1/hello.php
When I tried to visit that folder, it shows all the files in there.
That is my concern, it should not show the files in my folder because it is prone to hacking. It should display a page like a 403 Forbidden. I don't want to used an index.php just to redirect them to somewhere.
I heard that this involves .htaccess and this is a smart thing to do.
Kindly teach me how to do it.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
在文档根目录中的
.htaccess
文件中...请参阅 http://httpd.apache.org/docs/2.2/mod/core.html#options
In a
.htaccess
file in your document root...See http://httpd.apache.org/docs/2.2/mod/core.html#options
这就是所谓的目录列表。您必须在folder1 中添加一个名为
.htaccess
的文件,并向其中添加以下行,以防止目录列表列出任何文件。
That is called directory listing. You have to add a file named
.htaccess
in folder1 and add the following line to itto prevent directory listing to list any files.
您所指的称为“目录浏览”,通常是一件坏事。要阻止目录浏览,请在站点根目录中创建或修改 .htaccess 文件。
如果您创建 .htaccess 文件,请将此行放在其中:
如果修改,请查找
并将其更改为
Options All -Indexes
如果您没有看到 Indexes 指令,请添加选项 1 中的行。这样就可以了。
What you are referring to is called 'Directory Browsing' and is a bad thing, usually. To prevent directory browsing, create or modify a .htaccess file in the root of your site.
If you create an .htaccess file, place this line inside of it:
If modifying, look for
and change it to
Options All -Indexes
If you do not see an Indexes directive, add the line from option 1. That should do it.
是的,您可以放置:
或者这样:
但是为了使 .htaccess 得到尊重,您必须放置类似的内容:
在 httpd.conf 或服务器配置中的类似内容中
Yes, you can put:
Or this:
But for the .htaccess to be honored you have to put something simlar to:
In the httpd.conf or similar in your server configuration