拒绝访问所有.php文件,除了根的index.php [英] Deny access to all .php files except root index.php
问题描述
这是本质上的<一个副本href="http://stackoverflow.com/questions/1340001/deny-direct-access-to-all-php-files-except-index-php/1607587">this问题但有一点需要注意:我想要拒绝直接访问一个名为index.php的根目录下的所有文件
This is essentially a duplicate of this question but with one caveat: I want to deny direct access to all files named index.php below the root directory.
允许: 的index.php
Allow: /index.php
拒绝: /application/views/settings/index.php
Deny: /application/views/settings/index.php
我知道我可以使用PHP来寻找一个定义的常量或变量,但有可能使用的.htaccess只是实现这一目标?这是我到目前为止有:
I know I can use PHP to look for a defined constant or variable, but is it possible to achieve this using .htaccess only? This is what I have so far:
##
# Disallow direct access to files.
#
<FilesMatch "^(.*)\.php$">
Order Deny,Allow
Deny from all
</FilesMatch>
<FilesMatch "^index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
添加第三个 FilesMatch 拒绝^(。*)/指数/指数\的.php $不工作。
推荐答案
您无法使用&LT做到这一点; FilesMatch 或&LT;文件&GT; 单独指令:您需要将它们与&LT相结合;目录。例如:
You cannot do it with <FilesMatch or <Files> directive alone: you need to combine them with <Directory. For example:
<Directory /var/www>
<FilesMatch "\.php$">
Order Deny,Allow
Deny from all
</FilesMatch>
<FilesMatch "^index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
</Directory>
<Directory /var/www/*>
<FilesMatch "\.php$">
Order Deny,Allow
Deny from all
</FilesMatch>
</Directory>
这里的缺点是,你应该修改的httpd.conf 或类似的文件,如&LT;目录&GT; 指令可以在的.htaccess 不能使用。
The catch here is that you should edit httpd.conf or similar files, as <Directory> directive cannot be used in .htaccess.
如果您不能更新 .conf文件文件和的.htaccess 是唯一的出路身边,你会要复制的规则显示每个目录中的的.htaccess ,我想。它是否比使用如果(定义(...))招更好的,是你。
If you can't update .conf files and .htaccess is the only way around, you would have to copy the shown rule in each directory's .htaccess, I suppose. Whether or not it's better than using if(defined(...)) trick, is up to you.
这篇关于拒绝访问所有.php文件,除了根的index.php的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
