问题描述
我正在将我的文件(pdf、doc、flv 等)加载到缓冲区中,并通过脚本将它们提供给我的用户.我需要我的脚本能够访问该文件但不允许直接访问它.实现这一目标的最佳方法是什么?我应该使用我的权限做一些事情还是使用 .htaccess 锁定目录?
I'm loading my files (pdf, doc, flv, etc) into a buffer and serving them to my users with a script. I need my script to be able to access the file but not allow direct access to it. Whats the best way to achieve this? Should I be doing something with my permissions or locking out the directory with .htaccess?
推荐答案
最安全的方法是将您想要保留的文件放在 Web 根目录之外,就像 Damien 建议的那样.这是有效的,因为 Web 服务器遵循本地文件系统权限,而不是它自己的权限.
The safest way is to put the files you want kept to yourself outside of the web root directory, like Damien suggested. This works because the web server follows local file system privileges, not its own privileges.
但是,有很多托管公司只允许您访问网络根目录.要仍然阻止对文件的 HTTP 请求,请将它们单独放入一个目录中,并使用阻止所有通信的 .htaccess 文件.例如,
However, there are a lot of hosting companies that only give you access to the web root. To still prevent HTTP requests to the files, put them into a directory by themselves with a .htaccess file that blocks all communication. For example,
Order deny,allow
Deny from all
您的 Web 服务器以及您的服务器端语言仍将能够读取它们,因为目录的本地权限允许 Web 服务器读取和执行文件.
Your web server, and therefore your server side language, will still be able to read them because the directory's local permissions allow the web server to read and execute the files.
这篇关于阻止通过 http 直接访问文件但允许 php 脚本访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!