阻止直接访问 PHP 文件
我现在的 htaccess 文件包含执行此操作的 mod_rewrite 规则:
www.mysite.com/articles/jkr/harrypotter --> www.mysite.com/index.php?p=articles&author=jkr&book=harrypotter
www.mysite.com/articles/jkr --> www.mysite.com/index.php?p=articles&author=jkr
www.mysite.com/articles --> www.mysite.com/index.php?p=articles
在我的根目录中,我有一些 PHP 文件,例如:index.php、pre.php、view.php 等。
我想要的:阻止直接访问 php 文件。
例如:
www.mysite.com/index.php --> "404 - Page Not Found" or "File not exist"
www.mysite.com/view.php --> "404 - Page Not Found" or "File not exist"
我尝试了在搜索中找到的代码。它使用“f”标志。但我不明白。我用的时候也不显示主页。所以,我删除了我正在测试的所有内容。我的 htaccess 文件现在仅包含三个规则(接受页面、作者、书籍)。
请帮忙。
My present htaccess file contains mod_rewrite rules to perform this:
www.mysite.com/articles/jkr/harrypotter --> www.mysite.com/index.php?p=articles&author=jkr&book=harrypotter
www.mysite.com/articles/jkr --> www.mysite.com/index.php?p=articles&author=jkr
www.mysite.com/articles --> www.mysite.com/index.php?p=articles
In my root directory, I have some PHP files like: index.php, pre.php, view.php, etc.
What I want: block direct access to php files.
Eg:
www.mysite.com/index.php --> "404 - Page Not Found" or "File not exist"
www.mysite.com/view.php --> "404 - Page Not Found" or "File not exist"
I have tried a code that I found on searching. It uses "f" flag. But i did not understand it. When I used it do not show the home page also. So, I removed everything that I was testing. My htaccess file now contains three rules only(to accept page, author, book).
Please help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我在这里看到了之前提出的另一个问题: mod_rewrite error 404 if .php
我对其进行的更改是添加了 [NC] 标志。否则,如果我们将大写字母放在扩展名中(例如“index.PHP”),它将加载。
所以,
解决方案:
谢谢
I saw another question that was previous asked in here : mod_rewrite error 404 if .php
A change that I made to it is, added [NC] flag. Otherwise, if we put the uppercase letter in extension(say, "index.PHP") it will load.
So,
SOLUTION:
thank you
创建一个抛出 404 错误的简单 404.php,然后将 index.php 重写为 404.php 等。
Create a simple 404.php that throws a 404 error, then rewrite index.php to 404.php etc.
您也可以在脚本级别执行此操作。如果您在 index.php 中添加一条规则来检查您是否已传递 GET 变量或只是在没有任何参数的情况下调用页面,如下所示:
那么您可以控制将人们重定向到 404 错误或显示更有用的内容,例如带有索引或某种形式的网站导航的登陆页面。
You can also do this at your script level. If you add a rule within your index.php to check whether you have been passed GET variables or just called the page without any parameters like so:
Then you have control to either redirect people to a 404 error or show something more helpful, like a landing page with an index or some form of website navigation.