使用 apache 拒绝除索引之外的所有文件
这是我的 .htaccess
<Files *>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Deny,Allow
Allow from all
</Files>
这不起作用,因为如果我在浏览器中输入主机名,它会提供index.php,但apache似乎没有应用文件指令,而是返回一个不允许的文件访问页面,我需要输入全名文档(例如“index.php”)才能使其工作。这不太方便...
如果我希望用户只访问我网站中每个文件夹的索引文件,该怎么办? 所有其他文件都只是脚本包含,所以我相信我正在尝试使它们无法从网络访问(或者也许不是,如果只有一个理由证明另一种情况)。
不管上面的问题如何,这是完成这项工作的正确方法吗? (我认为这里的两个指令并不简洁,但这是唯一的方法,几乎是我所知道的避免访问文件的唯一方法)。
Here's my .htaccess
<Files *>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Deny,Allow
Allow from all
</Files>
This is not working, cause if I type the hostname in my browser, it serves the index.php but apache doesn't seem to apply the Files instructions and instead returns a non-allowed file access page, I need typing the fullname document (e.g. 'index.php') to make it work. which is not really convenient...
how to proceed if I want users only access index files of each folder in my website ?
all the other files are just script inclusions so i believe i'm doing right trying to make them inaccessible from the web (or maybe not, if only you have one reason to prove the other case).
Regardless the question above, is it the right way to do the job ? (I think the two directives here are not neat but it's the only way, well almost the only way that I know to avoid accesses to files).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
不完全确定为什么需要这样做,但您可以使用
mod_setenvif(无需将其包装在这将导致访问 hostname.com / 到 403,但允许 hostname.com/index.php。如果你也想允许/,只需添加
到顶部即可。当然,所有这些都会使得 index.php 链接到的任何内容也将返回 403。
Not exactly sure why you need to do this, but you can use
mod_setenvif(no need to wrap this inside a<Files>)This will cause access to hostname.com/ to 403 but allow hostname.com/index.php. If you want to allow / as well, just add
to the top. Of course, all this will make it so anything that index.php links to will also return a 403.
您只需添加一个问号即可匹配至少一个字符。
You just need to add a question mark to match at least one character.