MVC应用程序中的公开文件夹 [英] Exposed folders in MVC application

问题描述

嗯，首先请为我的初学者英语打个招呼.

Well, as a start please excuse me for my beginner English..

我想了解有关PHP MVC应用程序中安全性的更多信息

I want to know more about security in PHP MVC applications

我已经创建了自己的MVC，但还没有完成.
我的应用程序目录通过带有子元素的URL访问公开.

I've created my own MVC, I still haven't finished it.
My application directory is exposed by URL access with child elements.

如何隐藏访问者的内容?

How to make this hidden from visitors?

以下是我正在尝试的

Apache mod_rewrite吗?

Apache mod_rewrite ?

我仍然不知道在每个文件夹(如框架Codeigniter)中将其设为空index.html吗?

I still don't know to make it empty index.html in each folder like the framework Codeigniter ?

用于指示的内容是什么? 和， ...如何制作?

What to use for something to indicate ? and, ... how to make ?

修改 我对rewrite_rules

下面是我的.htaccess

    Options -MultiViews
    RewriteEngine On
    RewriteBase /ligia

    #RewriteCond %{REQUEST_FILENAME} -f [OR]
    #RewriteCond %{REQUEST_FILENAME} -l [OR]
    #RewriteCond %{REQUEST_FILENAME} -d
    #RewriteRule .+ -
    #I know, it is commented

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule "^(.+)$"    "index.php?uri=$1"   [QSA,L]

但是我担心这是否是保存我的MVC应用程序的最佳方法 安全！?

But I am afraid if this is the best way to hold my MVC application security!?

我需要帮助！

推荐答案

首先请确保您的.htaccess文件位于文档根目录(与index.php相同的位置)中，否则只会影响子文件夹在其中(以及其中的所有子文件夹-递归).

First make sure that your .htaccess file is in your document root (the same place as index.php) or it'll only affect the sub-folder it's in (and any sub-folders within that - recursively).

下一步，对您的规则进行一些更改，使其类似于:

Next make a slight change to your rule so it looks something like:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]

此刻，您正在上进行匹配.这是任何字符的一个实例，您至少需要.*才能匹配任意数量的任何字符的实例.

At the moment you're just matching on . which is one instance of any character, you need at least .* to match any number of instances of any character.

如果要将整个shebang安装在子目录(例如/mvc/或/framework/)中，最简单的方法是略微更改重写规则以将其考虑在内.

If you want the whole shebang installed in a sub-directory, such as /mvc/ or /framework/ the least complicated way to do it is to change the rewrite rule slightly to take that into account.

RewriteRule ^(.*)$ /mvc/index.php?path=$1 [NC,L,QSA]

并确保index.php位于该文件夹中，而.htaccess文件位于文档根目录中.

And ensure that your index.php is in that folder whilst the .htaccess file is in the document root.

NC =不区分大小写(不区分大小写，因为该模式中没有字符，所以没有必要)

NC = No Case (not case sensitive, not really necessary since there are no characters in the pattern)

L =最后(此重写后它将停止重写，因此请确保它是您重写列表中的最后一件事)

L = Last (it'll stop rewriting at after this Rewrite so make sure it's the last thing in your list of rewrites)

QSA =查询字符串追加，以防万一您想要保留并传递给index.php的末尾类似?like = penguins的东西.

QSA = Query String Apend, just in case you've got something like ?like=penguins on the end which you want to keep and pass to index.php.

这篇关于MVC应用程序中的公开文件夹的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！