PHP / Apache的拒绝用户访问文件夹而不是脚本 [英] PHP/Apache Deny folder access to user but not to script

问题描述

所以我有这个PHP Web应用程序，而我的文件夹中的一个包含一些文件可以下载。

So I have this php web app, and one of my folder contains some files that can be downloaded.

我有修改了标题，以始终提供​​一个下载链接下载脚本。 （而不是显示例如图片，当你点击一个链接，下载框弹出了）

I have a download script that modifies the headers, in order to always offer a download link. (instead of showing a picture for example, when you click on a link, a download box pops out)

现在，如果你输入一个网址，如： http://www.mywebsite.com/content/
你得到的所有下载的文件列表，当然，你可以下载所有这些，而不通过网站界面去。

Right now, if you enter a url like: http://www.mywebsite.com/content/ You get the listing of all the downloadable files, and of course, you can just download them all, without going through the website interface.

就个人而言，我不认为这是一个问题，因为我经常使用downthemall或其他下载工具，而这种类型的访问是一个伟大的节省时间....

Personally, I don't think it's a problem, since I often use downthemall or other downloading tool, and this type of access is a great time saver....

但当然，我公司不这么认为:-P他们希望人们用以便在界面查看广告...

But of course my company does not think so :-p They want people to use the interface in order to view the Ads...

他们会是一种方式，也许与受保护的.htaccess，离开我的下载脚本的文件夹的访问，但拒绝访问的用户...？

Would they be a way, maybe with a protected .htaccess, to leave the folder access to my download script, but deny access to the users...?

我希望我决策意识，你知道我的意思：）

I hope I am making sense and you know what I mean :)

所有帮助/ AP言论preciated！

All help/remarks appreciated!

推荐答案

您可以做一个的.htaccess 文件并输入选项-Indexes 此将禁用文件在目录中列出。

You can make a .htaccess file and enter Options -Indexes this will disable listing of the files in the directory.

如果您还需要交通从您的网站发起您将需要一个文件说...... 的index.php 与code，检查 $ _ SERVER ['HTTP_REFERER'] 来看看流量从您的网站起源。

If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER'] to see if the traffic originates from your site.

修改

哦，我忘了你其实可以解决这一切在.htaccess：

Oh I forgot you can actually fix it all in the .htaccess:

Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]

这会尽我所建议的脚本的所有工作，这样你就不需要它了。

This will do all the work of the script I suggested, so you won't need it anymore.

这篇关于PHP / Apache的拒绝用户访问文件夹而不是脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！