禁止直接访问htaccess中的文件？ [英] Disallow direct access to a file in htaccess?

问题描述

我想禁止用户直接访问我网站上的PHP脚本。

I would like to disallow users to access directly to a PHP script on my website.

该脚本应该从网站上的其他脚本访问。

This script should instead be accessed from other scripts on the website.

例如， somepage.php可以调用 upload.php，但不允许用户键入 mywebsite.com/upload.php 。不幸的是，我无法将脚本移动到特定文件夹。

For example, "somepage.php" can call "upload.php", but users are not allowed to type mywebsite.com/upload.php. Unfortunately I can't move my script to a specific folder.

推荐答案

根据我其他回答中的评论，很明显，这个问题实际上提出了不同的要求。由于我觉得其他答案与最初提出的问题有关，因此我不想编辑该答案，而是添加此其他答案。

As per the comment in my other answer it has become clear that the question actually asked something different. Since i feel that the other answer relates to the question as originally asked, i do not want to edit that one, but rather add this additional answer.

此答案将回答：如何阻止其他网站深入链接正在我的iframe中显示的页面？

This one will answer: How do i stop a different site from deep linking a page that is being displayed within an iframe on mine?

要正确地做到这一点，可以使用PHP会话。然后，您将在您的主页中发起一个会话，如果该会话实际上已经开始，则该用户只能查看内部页面。

To do that correctly it is possible to use PHP Sessions. In your main page you would then initiate a session, this user would only be able to view the "inner" page if the session has in fact started.

假设您有两个页面：index.php和inner.php。您将以下内容放在index.php的开头：

Let's say you have two pages: index.php and inner.php. You will put the following in the beginning of index.php:

if (session_status() !== PHP_SESSION_ACTIVE) session_start();

在inner.php中，您将拥有：

In the inner.php you will have:

if (session_status() !== PHP_SESSION_ACTIVE) die("Deep linking detected");

您绝对不能从htaccess或页面代码之外的任何其他位置执行此类操作

And you definitely cannot do anything like this from htaccess or any other place outside of the code of the pages themselves.

参考： http://www.php.net/manual/en/function.session-status.php

这篇关于禁止直接访问htaccess中的文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！