MVC应用程序中的公开文件夹 [英] Exposed folders in MVC application
问题描述
嗯,首先请为我的初学者英语打个招呼.
Well, as a start please excuse me for my beginner English..
我想了解有关PHP MVC应用程序中安全性的更多信息
I want to know more about security in PHP MVC applications
我已经创建了自己的MVC,但还没有完成.
我的应用程序目录通过带有子元素的URL访问公开.
I've created my own MVC, I still haven't finished it.
My application directory is exposed by URL access with child elements.
如何隐藏访问者的内容?
How to make this hidden from visitors?
以下是我正在尝试的
Apache mod_rewrite吗?
Apache mod_rewrite ?
我仍然不知道在每个文件夹(如框架Codeigniter)中将其设为空index.html吗?
I still don't know to make it empty index.html in each folder like the framework Codeigniter ?
用于指示的内容是什么? 和, ...如何制作?
What to use for something to indicate ? and, ... how to make ?
修改
我对rewrite_rules
下面是我的.htaccess
Options -MultiViews
RewriteEngine On
RewriteBase /ligia
#RewriteCond %{REQUEST_FILENAME} -f [OR]
#RewriteCond %{REQUEST_FILENAME} -l [OR]
#RewriteCond %{REQUEST_FILENAME} -d
#RewriteRule .+ -
#I know, it is commented
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule "^(.+)$" "index.php?uri=$1" [QSA,L]
但是我担心这是否是保存我的MVC应用程序的最佳方法 安全!?
But I am afraid if this is the best way to hold my MVC application security!?
我需要帮助!
推荐答案
首先请确保您的.htaccess
文件位于文档根目录(与index.php
相同的位置)中,否则只会影响子文件夹在其中(以及其中的所有子文件夹-递归).
First make sure that your .htaccess
file is in your document root (the same place as index.php
) or it'll only affect the sub-folder it's in (and any sub-folders within that - recursively).
下一步,对您的规则进行一些更改,使其类似于:
Next make a slight change to your rule so it looks something like:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]
此刻,您正在上进行匹配.这是任何字符的一个实例,您至少需要.*才能匹配任意数量的任何字符的实例.
At the moment you're just matching on . which is one instance of any character, you need at least .* to match any number of instances of any character.
如果要将整个shebang安装在子目录(例如/mvc/
或/framework/
)中,最简单的方法是略微更改重写规则以将其考虑在内.
If you want the whole shebang installed in a sub-directory, such as /mvc/
or /framework/
the least complicated way to do it is to change the rewrite rule slightly to take that into account.
RewriteRule ^(.*)$ /mvc/index.php?path=$1 [NC,L,QSA]
并确保index.php位于该文件夹中,而.htaccess文件位于文档根目录中.
And ensure that your index.php is in that folder whilst the .htaccess file is in the document root.
NC =不区分大小写(不区分大小写,因为该模式中没有字符,所以没有必要)
NC = No Case (not case sensitive, not really necessary since there are no characters in the pattern)
L =最后(此重写后它将停止重写,因此请确保它是您重写列表中的最后一件事)
L = Last (it'll stop rewriting at after this Rewrite so make sure it's the last thing in your list of rewrites)
QSA =查询字符串追加,以防万一您想要保留并传递给index.php的末尾类似?like = penguins的东西.
QSA = Query String Apend, just in case you've got something like ?like=penguins on the end which you want to keep and pass to index.php.
这篇关于MVC应用程序中的公开文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!