PHP / Apache的拒绝用户访问文件夹而不是脚本 [英] PHP/Apache Deny folder access to user but not to script
问题描述
所以我有这个PHP Web应用程序,而我的文件夹中的一个包含一些文件可以下载。
So I have this php web app, and one of my folder contains some files that can be downloaded.
我有修改了标题,以始终提供一个下载链接下载脚本。 (而不是显示例如图片,当你点击一个链接,下载框弹出了)
I have a download script that modifies the headers, in order to always offer a download link. (instead of showing a picture for example, when you click on a link, a download box pops out)
现在,如果你输入一个网址,如: http://www.mywebsite.com/content/
你得到的所有下载的文件列表,当然,你可以下载所有这些,而不通过网站界面去。
Right now, if you enter a url like: http://www.mywebsite.com/content/ You get the listing of all the downloadable files, and of course, you can just download them all, without going through the website interface.
就个人而言,我不认为这是一个问题,因为我经常使用downthemall或其他下载工具,而这种类型的访问是一个伟大的节省时间....
Personally, I don't think it's a problem, since I often use downthemall or other downloading tool, and this type of access is a great time saver....
但当然,我公司不这么认为:-P他们希望人们用以便在界面查看广告...
But of course my company does not think so :-p They want people to use the interface in order to view the Ads...
他们会是一种方式,也许与受保护的.htaccess,离开我的下载脚本的文件夹的访问,但拒绝访问的用户...?
Would they be a way, maybe with a protected .htaccess, to leave the folder access to my download script, but deny access to the users...?
我希望我决策意识,你知道我的意思:)
I hope I am making sense and you know what I mean :)
所有帮助/ AP言论preciated!
All help/remarks appreciated!
推荐答案
您可以做一个的.htaccess 文件并输入选项-Indexes
此将禁用文件在目录中列出。
You can make a .htaccess file and enter Options -Indexes
this will disable listing of the files in the directory.
如果您还需要交通从您的网站发起您将需要一个文件说...... 的index.php 与code,检查 $ _ SERVER ['HTTP_REFERER']
来看看流量从您的网站起源。
If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER']
to see if the traffic originates from your site.
修改
哦,我忘了你其实可以解决这一切在.htaccess:
Oh I forgot you can actually fix it all in the .htaccess:
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]
这会尽我所建议的脚本的所有工作,这样你就不需要它了。
This will do all the work of the script I suggested, so you won't need it anymore.
这篇关于PHP / Apache的拒绝用户访问文件夹而不是脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!