保护目录免遭直接URL访问 [英] Protecting a directory from direct URL access

问题描述

需要一些帮助...

我需要保护DIRECTORY中的所有FOLDERS免受直接URL 的访问.我可以使用.htaccess进行此操作吗，如果可以，怎么办?还是他们更安全的方法?

I need to protect all the FOLDERS in a DIRECTORY from direct URL access. Can I do this with .htaccess and if yes, how? Or is their a safer method?

这是我的情况，我允许用户上传pdf文件.

Here's my situation, I allow a user to UPLOAD a a pdf file.

文件已发送到/uploads/{userid}/{filename}

这一切都很好，但问题是，如果有人知道{userid}和{filename}

This all works dandy, but the issue is that the PDF can be accessed directly if someone knows the {userid} and {filename}

我想从直接URL访问保护uploads目录和所有子目录.

I want to secure the uploads directory and all sub directories from direct URL access.

但是，与此同时，我的数据库(MySQL)必须能够浏览uploads目录和子目录，以确认PDF文件已上传，并让管理员从管理员控制面板下载该文件.

At the same time however my database (MySQL) needs to be able to browse the uploads directory and sub directories to confirm that a PDF file was uploaded and let the admin download the file from the admin control panel.

现在，我不要求您编写代码.我只是让您知道我的规格，因为我认为有人可能会建议htpasswd，但我认为我不能根据我的要求使用该解决方案.

Now I'm not asking you to write my code. I'm just letting you know my specs because I assume someone might suggest htpasswd but I don't think I can use that solution as per my requirements.

如果您有一个简单的解决方案，或者可以将我带到正确的教程上，请这样做.

If you have a simple solution or if you can point me on the right track to a tutorial please do so.

谢谢！

推荐答案

最好将此类文件置于Web根目录之外.但是您仍然可以使用.htaccess保护文件.除非您不小心删除了.htaccess或sysadmin更改了主要配置(有时会发生)，否则它们将得到保护.

As Fabio points out - it's better to keep such files out of web root. But you still CAN use .htaccess to protect the files. They'll be guaranteed protected unless you accidentally delete the .htaccess or the sysadmin changes the main configuration (which sometimes happens).

只需将.htaccess放到您要保护的目录中，然后在该.htaccess中放一行:

Just put a an .htaccess into the directory you want to protect, and put a single line in that .htaccess:

deny from all

这篇关于保护目录免遭直接URL访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！