php 使用htaccess,如何限制查看目录内容,但允许服务器使用内容?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6157282/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using htaccess, how to restrict seeing directory contents, but allow server to use the contents?
提问by Josh
More specifically, I have an htaccess file that restricts anyone from seeing the directory contents. Such that, nobody can see my 1000s of images in www.example.com/images by using:
更具体地说,我有一个限制任何人查看目录内容的 htaccess 文件。这样,没有人可以通过使用以下命令在 www.example.com/images 中看到我的 1000 张图片:
deny from all
allow from 127.0.0.1
However, I want to use these images on www.example.com such that,
<img src="images/thisimg.jpg" />works.
但是,我想在 www.example.com 上使用这些图像,这样可以
<img src="images/thisimg.jpg" />工作。
I hope I'm in the right direction, but I appreciate any insight/re-direct. This is similar to: How to protect all directory contents, but gain access to php scriptbut I want to link to these images in that directory, and using deny from alldoes not allow me to do that.
我希望我的方向是正确的,但我感谢任何见解/重新指导。这类似于:如何保护所有目录内容,但可以访问 php 脚本,但我想链接到该目录中的这些图像,而使用deny from all不允许我这样做。
Thanks in advance for your help.
在此先感谢您的帮助。
采纳答案by Fosco
All you need to keep people from seeing the directory contents is an index.php or .html file in that folder. Any requests for yoursite.com/images will load index.php, which you'll set to a dummy page.
防止人们看到目录内容所需的只是该文件夹中的 index.php 或 .html 文件。对 yoursite.com/images 的任何请求都将加载 index.php,您将其设置为一个虚拟页面。
index.html could be something like:
index.html 可能是这样的:
<html><title>Forbidden!</title><body>Nothing to see here...</body></html>
or a redirect script index.php:
或重定向脚本 index.php:
<?php header('Location: /index.php'); exit(); ?>
Don't use .htaccess for blocking directory listings, it blocks access to everything.
不要使用 .htaccess 来阻止目录列表,它会阻止对所有内容的访问。
回答by Magicianeer
回答by Abrar Jahin
Option 1 (Easy but not Preferable)-
选项 1(简单但不是首选)-
You do not need to create an indexfile like this-
您不需要像这样创建索引文件 -
<html>
<title>Forbidden!</title>
<body>
<h1>Access Denied !!</h1>
</body>
</html>And place it in each resource directories and directories you don't want to show users.
并将其放置在您不想向用户显示的每个资源目录和目录中。
Option 2 (More Preferable)-
选项 2(更可取)-
You can just add this at the end of your .htaccess file-
您可以在 .htaccess 文件的末尾添加它-
Options -Indexes
So, your .htaccessfile may be like this-
所以,你的.htaccess文件可能是这样的——
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ / [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Options -Indexes
</IfModule>
If you do that and try to go to a directory, you would get something like this-
如果你这样做并尝试进入一个目录,你会得到这样的东西——
So, no one will be able to discover any directory in server.
因此,没有人能够发现服务器中的任何目录。
More can be found here.
回答by diEcho
Simplest solution : create a blank page name index.htmlin your image folder :)
最简单的解决方案:index.html在您的图像文件夹中创建一个空白页面名称:)
回答by Doug
Use something like this in .htaccess file:
在 .htaccess 文件中使用类似的东西:
#
###################################################################
### ###
### Currently protection ###
### images (jpg, jpeg, gif, png, bmp) ###
### JavaScript (js) ###
### Cascading Style Sheets (CSS) ###
### ###
###################################################################
#
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com$ [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|js|css)$ http://access- denied.us/hotlinks.html [NC,L]
</ifModule>
#
This will allow your pages to load the documents and images you want while stoping everyone elses pages from doing it. I use this on all my sites and it works great.
这将允许您的页面加载您想要的文档和图像,同时阻止其他人的页面加载。我在我所有的网站上都使用它,而且效果很好。
回答by viruxINf3t3d
To me I feel the easiest way of getting it done is with a redirect. On the images directory, just create an index page and in the index page you have a redirect to your site index page i.e
对我来说,我觉得完成它的最简单方法是重定向。在图像目录上,只需创建一个索引页,在索引页中,您可以重定向到您的站点索引页,即
<?php
header( 'Location: http://www.yoursite.com' ) ;
?>
So that whenever anyone tries to access the image page directly they end up going to your site's root.
这样每当有人试图直接访问图像页面时,他们最终都会转到您网站的根目录。
回答by grim apples
Magicianeer's suggestion is the best for this problem. If your images are broken into subfolders you'd have to put an index file in each one. 'Options -Indexes' only needs to be done once at the root.
魔术师的建议最适合这个问题。如果您的图像被分成子文件夹,则必须在每个子文件夹中放置一个索引文件。'Options -Indexes' 只需要在根执行一次。
回答by transilvlad
deny from allallows files to be used by server side scripts but restricts complete web access.
deny from all允许服务器端脚本使用文件,但限制完整的 Web 访问。
回答by Chris Eberle
If it were me I'd just make sure that the referrer is www.example.com, that's kinda one of it's main uses.
如果是我,我会确保推荐人是 www.example.com,这是它的主要用途之一。
回答by Mohsin Shoukat
in that folder which you want to show access forbidden create a file with name index.php and paste this code
在要显示访问禁止的文件夹中创建一个名为 index.php 的文件并粘贴此代码
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access This Folder
on this server.</p>
</body></html>