从拒绝所有子目录中的htaccess的不重写文件规则的根htaccess的 [英] Deny from all in subdirectory htaccess not overriding file rules in root htaccess

问题描述

我有一种情况，我想要拒绝访问所有文件在我的网站的子目录。我已经添加了一个htaccess文件，这个子目录，并添加所有指令给它的否定。不过，我也有在网站根目录，它允许特定文件类型的一个htaccess文件，好像这些文件类型仍然在子目录访问，即使我不再希望他们。我有这样的解决方法（见下文），但我觉得必须有一个更好的办法。这里是我的两个htaccess的文件：

I've got a situation where I'm trying to deny access to all files in a subdirectory of my website. I have added an htaccess file to this subdirectory and added a deny from all directive to it. However, I also have an htaccess file in the site root, which allows specific file types, and it seems like these file types are still accessible in the subdirectory even though I no longer want them to be. I have a workaround for this (see below), but I feel like there must be a better way. Here are my two htaccess files:

根的.htaccess

Root .htaccess

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files
<Files *.html>
    allow from all
</Files>

子目录的.htaccess

Subdirectory .htaccess

# Deny access to everything
deny from all

解决方法：

子目录的.htaccess

Subdirectory .htaccess

# Deny access to everything
Order Allow,Deny
deny from all
<Files *.*>
    deny from all
</Files>

这确实是我想要的，但我觉得应该有一种方法，使所有发言的工作本身的否定。有谁知道？

This does what I want, but I feel like there should be a way to make the deny from all statement work by itself. Does anyone know how?

在此先感谢！

推荐答案

您可以有这样的根的.htaccess

You can have your Root .htaccess like this

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files
<Files *.html>
    allow from all
</Files>

# Deny access to sub directory
<Files subdirectory/*>
    deny from all
</Files>

没有必要在子目录中的单独的.htaccess

There is no need for a separate .htaccess in the sub directory.

您允许访问所有HTML文件在根目录你的.htaccess而不是否认它的任何地方子目录中尚属首例。阿帕奇解析所有的规则，并使用最后一个匹配的规则，不同的防火墙（使用第一个规则匹配命中）。全球规则读取第一个和具体规则后。

You are allowing access to all html files in your .htaccess in the Root Directory and not denying it anywhere in the sub directory in the first case. Apache parses all your rules and uses the last matching rule, unlike firewalls (which uses the first rule match hit). The global rules are read first and the the specific rules later.

这篇关于从拒绝所有子目录中的htaccess的不重写文件规则的根htaccess的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！