php .htaccess 拒绝子文件夹中的文件
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8801994/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
.htaccess deny files in subfolders
提问by Halcyon
I want to block access to "sub/folder/index.php", but not "index.php" anywhere else.
我想阻止访问“sub/folder/index.php”,而不是其他任何地方的“index.php”。
<Files index.php>
Order allow,deny
Deny from all
</Files>
works but blocks all "index.php" files.
工作但阻止所有“index.php”文件。
<Files sub/folder/index.php>
Order allow,deny
Deny from all
</Files>
doesn't work. Do I need to use <Directory>?
不起作用。我需要使用<Directory>吗?
I don't want to create an .htaccess file in the sub/folder
我不想在子/文件夹中创建 .htaccess 文件
I don't have access to httpd.conf
我无权访问 httpd.conf
I don't want to block everything in sub/directory
我不想阻止子/目录中的所有内容
If it were that easy, I wouldn't be asking ;)
如果有那么容易,我就不会问了;)
回答by regilero
I think the simpliest rule is:
我认为最简单的规则是:
RedirectMatch 403 ^.*/sub/folder/index\.php$
RedirectMatch is in mod_alias module, that you certainly have. This does not implies mod_rewrite engine. Here we are simply telling apache that any access to sub/folder/index.php will generate a "403 forbidden" answer.
RedirectMatch 在 mod_alias 模块中,你当然有。这并不意味着 mod_rewrite 引擎。在这里,我们只是告诉 apache,任何对 sub/folder/index.php 的访问都会生成“403 禁止”答案。
You can put that in a httpd.conf or in the root .htaccess (but really consider removing all .htaccess, it's bad, it's slow, it's sad that you do not have access to the real configuration files).
您可以将其放在 httpd.conf 或根目录 .htaccess 中(但真的考虑删除所有 .htaccess,这很糟糕,很慢,很遗憾您无法访问真正的配置文件)。
回答by AKFourSeven
I try creating another .htaccess in that sub/folder/ to block the access to that index.php.
我尝试在该子/文件夹/中创建另一个 .htaccess 以阻止对该 index.php 的访问。
"If you place a .htaccess file in a sub-folder, its directives will override the ones that you have in your site main folder."
“如果您将 .htaccess 文件放在子文件夹中,其指令将覆盖您在站点主文件夹中的指令。”
This page has further information: http://www.besthostratings.com/articles/htaccess.html
此页面有更多信息:http: //www.besthostratings.com/articles/htaccess.html
回答by bardiir
How about creating a .htaccessfile in the specific folder containing the files you want to protect?
如何.htaccess在包含您要保护的文件的特定文件夹中创建一个文件?
Edit:
编辑:
Be careful, this actually does not work in a simple .htaccessfile, see comments below. This will only work in an apache.conf file.
小心,这实际上在一个简单的.htaccess文件中不起作用,请参阅下面的评论。这仅适用于 apache.conf 文件。
This should to the trick for you without another .htaccessfile:
在没有其他.htaccess文件的情况下,这应该对你有用:
<Directory sub/folder>
<Files index.php>
Order allow,deny
Deny from all
</Files>
</Directory>
回答by Joachim Isaksson
You can only use file names in <Files> sections, not paths.
您只能在 <Files> 部分中使用文件名,而不能在路径中使用。
There are three options I can see;
我可以看到三个选项;
- Put a .htaccess file in the same folder as the file.
- Put the configuration in apache.conf using a <Directory> directive and a <Files> directive. <Directory> does not work in .htaccess files, only apache.conf
- Create a rewrite rule using mod_rewrite a'la;
- 将 .htaccess 文件放在与该文件相同的文件夹中。
- 使用 <Directory> 指令和 <Files> 指令将配置放在 apache.conf 中。<Directory> 不适用于 .htaccess 文件,仅适用于 apache.conf
- 使用 mod_rewrite a'la 创建重写规则;
-
——
RewriteEngine on
RewriteRule ^sub/folder/index.php$ http://yoursite/index.locked
Will give a 404 on the file, if you want a permission denied, create a read protected file at the pointed to location.
将在文件上给出 404,如果您想拒绝权限,请在指向的位置创建一个读保护文件。
