使用 htaccess 阻止访问子域以及该子域下的所有文件和文件夹
一个主要领域和网站设置,以及一个带有其独立网站的附加域: domain.com 和 addon.com
我在CPANEL托管上有 CPANEL配置附加域的方式,可以通过主要域访问附加域的网站:
addon.domain.com/
domain.com/addon/
我想做的是从主要域中阻止对附加域网站的所有访问,包括其中包含的任何和所有文件或文件夹,因此:
- 访问< em> addon.com/anyfolder/anyfile.php 有效,但是;
- addon.domain.com/anyfolder/anyfile.php 或
- 访问 错误。
我在修改附加域的HTACCESS文件以实现此目标方面取得了成功,例如,在附加域的htaccess中使用此功能:
RewriteEngine on
RedirectMatch 404 ^/addon/(.*)$
blocks domain.com/addon/addon/anyfolder/anyfile.php 完美,显示404错误。
但是,我尝试过各种方法来对 addon.domain.com ,尽管我通常可以在仅访问域时将其显示为404,但对于任何文件夹或文件( addon) .domain.com/Anyfolder/Anyfile.php )它仍然没有错误而工作,我不知道如何使用HTACCESS纠正此问题。
例如:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https?://(www\.)addon\.com
RewriteRule ^(.*)$ - [L,R=404]
这使 addon.domain.com 显示所需的404错误,但是 addon.domain.com/anyfolder/anyfile.php 仍然可以毫无问题地工作。
当然,这只是一个例子,我实际上搜索了一段时间,并尝试了几种不同的重写条件,以获得所需的结果而没有成功。另一个仅适用于域的示例:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?addon.domain.co.uk$ [NC]
RewriteRule ^(.*)$ - [L,R=404]
再次导致 addon.domain.com 显示所需的404错误,但是 addon.domain.com/anyfolder/anyfile.php 仍然有效。
我唯一能想到的事情是编辑主域的DNS区域,然后删除(或以某种方式破坏子域的记录)。当然,这将导致“找不到的服务器”错误,这将带来所需的影响,但我无法想象这是一个可取的选择。
I have a main domain and a website setup on my cPanel hosting as well as an add-on domain with its own separate website: domain.com and addon.com
Due to the way cPanel configures add-on domains, the add-on domain's website can be accessed via the main domain:
addon.domain.com/
domain.com/addon/
What I'd like to do is block all access to the add-on domain's website from the main domain, including any and all files or folders contained within, so:
- Accessing addon.com/anyfolder/anyfile.php works, but;
- Accessing addon.domain.com/anyfolder/anyfile.php or
- Accessing domain.com/addon/anyfolder/anyfile.php fails with a 404 error.
I have had some success with modifying the add-on domain's htaccess file to achieve this, for example using this in the add-on domain's htaccess:
RewriteEngine on
RedirectMatch 404 ^/addon/(.*)$
Blocks domain.com/addon/anyfolder/anyfile.php perfectly, displaying a 404 error.
However I have tried various methods to do the same for addon.domain.com and although I can usually get it to display a 404 when accessing only the domain, for any folders or files (addon.domain.com/anyfolder/anyfile.php) it will still work with no error and I can't figure out how to go about correcting this with htaccess.
For example:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https?://(www\.)addon\.com
RewriteRule ^(.*)$ - [L,R=404]
This makes addon.domain.com display the desired 404 error, but addon.domain.com/anyfolder/anyfile.php still works without issue.
This is just one example of course, I've actually searched for a while and tried several different rewrite conditions among other things to get the desired result without success. Another example that works only for the domain:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?addon.domain.co.uk$ [NC]
RewriteRule ^(.*)$ - [L,R=404]
Once again, this causes addon.domain.com to display the desired 404 error, but addon.domain.com/anyfolder/anyfile.php still works.
The only other thing I can think of doing is editing the main domain's DNS zone and remove (or break somehow) the A record for the subdomain. This would of course result in a "server not found" error which would have the desired affect, but I can't imagine it's an advisable option to take.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您应该在子域的根部使用mod_rewrite在
.htaccess文件的顶部附近使用以下操作。我假设
addon.com和www.addon.com都应访问。例如:
以上将阻止(未找到404的服务),以
addon.com(或www.addon.comwww.addon.com 代码>)。 condpattern 上的!前缀否定了表达式。任何URL路径。在4xx范围内使用返回代码时,您不需要
l标志。替代方法
一种不使用mod_rewrite的替代方法,因此不一定被子目录中的
.htaccess文件覆盖:这使用mod_authz_core使用apache表达式。
上述将为403供禁止使用插件域的任何请求。
看你的规则...
redirectMatch是MOD_ALIAS指令。这与rewriteEngine初始化mod_rewrite的指令无关。这是在检查
Referer标题(您要从中到达的网站),因此这将不具有理想的结果。但是,该规则仍应阻止addon.domain.com/anyfolder/anyfile.php的请求。请注意,
.htaccess文件中的指令顺序可能很重要。任何阻止指令都应在配置文件的顶部附近。这应该阻止
addon.domain.com/anyfolder/anyfile.php(有或没有www子域) - 除非将规则放在错误的位置,并且与其他规则相抵触,如上所述。请注意,您不一定只有一个规则。有时,两个或多个规则可以像一个或一个规则一样有效地执行工作。
You should do something like the following using mod_rewrite near the top of the
.htaccessfile in the root of the subdomain.I'm assuming
addon.comandwww.addon.comshould both be accessible.For example:
The above will block (serve a 404 Not Found) for any request that is not for
addon.com(orwww.addon.com). The!prefix on the CondPattern negates the expression. Any URL-path.You do not need the
Lflag when using a return code in the range 4xx.Alternative Method
An alternative approach that does not use mod_rewrite, so won't necessarily be overridden by
.htaccessfiles in subdirectories:This uses an Apache Expression with mod_authz_core.
The above will serve a 403 Forbidden for any requests that are not for the addon domain.
A look at your rules...
RedirectMatchis a mod_alias directive. This is unrelated to theRewriteEnginedirective that initialises mod_rewrite.This is checking the
Refererheader (the site you are coming from), so this will not have the desired result. However, a request foraddon.domain.com/anyfolder/anyfile.phpshould still be blocked by this rule.Note that the order of directives in the
.htaccessfile can be important. Any blocking directives should be near the top of the config file.This should block
addon.domain.com/anyfolder/anyfile.php(with or without the www subdomain) - unless the rule is put in the wrong place and it is conflicting with other rules, as mentioned above.Note that you don't necessarily need to have just one rule. Two or more rules can perform the job just as efficiently as one sometimes.