是否可以获取网站目录下的文件列表?如何? [英] Is it possible to get a list of files under a directory of a website? How?

问题描述

假设我有一个网站 www.abc.com.在网站目录下有一个页面secret.html.它可以像 www.abc.com/secret.html 一样直接访问，但没有链接到它的页面.是否有可能发现此页面，或者它会一直隐藏在外部世界之外?

Say I have a website www.abc.com. Under the website directory there is a page secret.html. It can be accessed directly like www.abc.com/secret.html, but there are no pages that link to it. Is it possible to discover this page, or will it remain hidden from outside world?

推荐答案

如果您在 Web 服务器中禁用了目录列表，那么人们找到它的唯一方法就是通过猜测或找到指向它的链接.

If you have directory listing disabled in your webserver, then the only way somebody will find it is by guessing or by finding a link to it.

也就是说，我已经看到黑客脚本试图猜测"一大堆这些常见名称.secret.html"可能会在这样的猜测列表中.

That said, I've seen hacking scripts attempt to "guess" a whole bunch of these common names. "secret.html" would probably be in such a guess list.

更合理的解决方案是通过 htaccess 文件(对于 apache)或您使用的任何网络服务器的等效设置来限制使用用户名/密码的访问.

The more reasonable solution is to restrict access using a username/password via a htaccess file (for apache) or the equivalent setting for whatever webserver you're using.

这篇关于是否可以获取网站目录下的文件列表?如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！