拒绝直接访问除 index.php 之外的所有 .php 文件 [英] Deny direct access to all .php files except index.php
问题描述
我想拒绝对所有 .php
文件的直接访问,除了一个:index.php
I want to deny direct access to all .php
files except one: index.php
对其他 .php
文件的唯一访问应该是通过 php include
.
The only access to the other .php
files should be through php include
.
如果可能,我希望所有文件都在同一个文件夹中.
If possible I want all files in the same folder.
更新:
一般规则会很好,所以我不需要浏览所有文件.风险是我忘记了文件或行.
A general rule would be nice, so I don't need to go through all files. The risk is that I forget a file or line.
更新 2:
index.php
在文件夹 www.myadress.com/myfolder/index.php
我想拒绝访问 myfolder
中的所有 .php
文件和该文件夹的子文件夹.
I want to deny access to all .php
files in myfolder
and subfolders to that folder.
推荐答案
您确定要这样做吗?甚至 css 和 js 文件和图像和...?
Are you sure, you want to do that? Even css and js files and images and ...?
好的,首先检查apache中是否安装了mod_access,然后将以下内容添加到您的.htaccess中:
OK, first check if mod_access in installed to apache, then add the following to your .htaccess:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
第一个指令禁止访问除本地主机以外的任何文件,因为Order Deny,Allow
,Allow 稍后应用,第二个指令只影响 index.php.
The first directive forbids access to any files except from localhost, because of Order Deny,Allow
, Allow gets applied later, the second directive only affects index.php.
警告:订单行中逗号后没有空格.
Caveat: No space after the comma in the Order line.
要允许访问匹配 *.css 或 *.js 的文件,请使用以下指令:
To allow access to files matching *.css or *.js use this directive:
<FilesMatch ".*.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
但是,您不能在 .htaccess 文件中使用
或
指令.
You cannot use directives for <Location>
or <Directory>
inside .htaccess files, though.
您的选择是在第一个允许、拒绝组周围使用
,然后明确允许访问 index.php.
Your option would be to use <FilesMatch ".*.php$">
around the first allow,deny group and then explicitely allow access to index.php.
Apache 2.4 更新:这个答案对于 Apache 2.2 是正确的.在 Apache 2.4 中,访问控制范式发生了变化,正确的语法是使用 Require all denied
.
Update for Apache 2.4:
This answer is correct for Apache 2.2. In Apache 2.4 the access control paradigm has changed, and the correct syntax is to use Require all denied
.
这篇关于拒绝直接访问除 index.php 之外的所有 .php 文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!