问题描述
我有一个子文件夹的.htaccess和PHP-文件有问题。我正在努力实现是prevent任何人能够访问任何文件在我的子文件 - 但我希望我的index.php才能够访问这些文件。
I'm having a problem with .htaccess and PHP-files in a sub folder. What I'm trying to achieve is to prevent anyone from being able to access any file in my sub folder - BUT I want my index.php to be able to access those files.
DOCROOT/subfolder -> www.somewebsite.com/subfolder/somefile.php
-> Access Denied
但
[index.php]
<form action="/subfolder/somefile.php">
...
</form>
-> Success!
我很想只要使用的.htaccess来解决这个问题。从我试过拒绝所有
,也有一些重写规则
取值,但这些规则还杀了从index.php中的任何请求。
我试过
I would love to solve this by just using .htaccess. I tried deny from all
and also some RewriteRule
s but those Rules also kill any request from index.php.I tried
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from somewebsite.com
Satisfy Any
但index.php文件的请求被拒绝。谁能帮助,好吗?
but the request from index.php is being denied. Can anyone help, please?
推荐答案
这是一种误解,认为人都有。只是因为你的连接以从另一个PHP文件的PHP文件的不等于的index.php
文件访问它们。最终用户/浏览器的还是的访问它们,它只是它被告知,其中通过你的的index.php
文件中去。有绝对无关,与它如何被访问。在这两种情况下,你,他们正在通过浏览器访问。
This is a misconception that people have. Just because you're linking to PHP files from another PHP file doesn't mean the index.php
file is accessing them. The end-user/browser is still accessing them, it's just it's being told where to go by your index.php
file. Has absolutely nothing to do with how it's being accessed. In both of your cases, they're being accessed by the browser.
你能做的最好是看引荐字段。它可以方便地伪造来解决这个问题,但它是你唯一可以做的事情。
The best you can do is to look at the referer field. It can be easily forged to get around this, but it's the only thing you can do.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(example.com|127\.0\.0\.1) [NC]
RewriteRule ^subfolder/ - [L,F]
,其中example.com是您的网站。
where "example.com" is your site.
这篇关于的.htaccess - 拒绝访问文件夹,但允许访问的index.php通过对文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!