防止用户编辑URL以限制对服务器资源的访问 [英] Prevent URL editing by users to restrict access to server's resources
问题描述
我正在使用node.js并表示要提供使用SSL加密的html文件.但我注意到用户可以更改网址,即.如果url为https://localhost/index,html
,则为https://localhost/anyother.html
.如何禁用用户对url的编辑,以使他们无法访问服务器的任何其他html文件.
I'm using node.js and express to serve html files which uses SSL encryption. But i noticed that users can change the url ie. if url is https://localhost/index,html
, to https://localhost/anyother.html
.How do i disable editing of url by users so that they cannot access any other html files of my server.
推荐答案
您不能.
客户可以要求任何他们喜欢的东西.
Clients can ask for whatever they like.
如果要限制服务器将文件提供给谁,请使用身份验证/授权系统.标识用户(例如,输入密码),然后确定是要使用文件还是403 Forbidden
进行响应.
If you want to limit who the server will give the files to, use an authentication / authorization system. Identify the user (e.g. with a password) and then decide if you want to respond with the file or a 403 Forbidden
.
这篇关于防止用户编辑URL以限制对服务器资源的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!