拒绝对IIS Web服务器中的JavaScript文件的直接访问 [英] Deny Direct Access to JavaScript Files in IIS Web Server

问题描述

我有一个使用php和java脚本的Web应用程序.如果有人尝试在浏览器中输入Java脚本文件的路径，则将在浏览器中显示完整的Java脚本.例如: http://myserver.com/MyApp/app/view/baseView.js，这将返回该特定Java脚本文件的源代码.

I have a web application which is in php and java script. if someone tries to enter the path of the java script file in the browser, the complete java script is being displayed in the browser. For example: http://myserver.com/MyApp/app/view/baseView.js , this returns the source code of that particular java script file.

我可以限制吗?我正在使用Windows IIS 7.5 Web服务器.我已经尝试在主要的web.config文件中执行此操作:

Can I restrict this ? I am using Windows IIS 7.5 Web Server. I have tried doing this in the main web.config file:

<security>
        <authorization>
            <remove users="*" roles="" verbs="" />
            <add accessType="Allow" users="" roles="Administrators" />

        </authorization>
    </security>

但是，即使我尝试通过url访问default.php文件，此代码也会阻止整个应用程序，Web服务器将返回以下错误:"401-未经授权:由于凭据无效而拒绝访问".

But this code blocks the complete application, even when I try to access the default.php file through the url, the following error is being returned by the Web Server : "401 - Unauthorized: Access is denied due to invalid credentials".

请帮助！

推荐答案

您不能阻止对文件的直接访问.如前所述，如果您限制对该文件的访问，那么对于那些无权访问该js文件的用户，该php文件将中断".

You cannot block direct access to the file. If you restrict access to the file, as you mentioned the php file will 'break' for users who don't have access to that js file.

但是，您可以将访问URL的用户直接重定向到文件:Javascript示例:

You could however redirect users who visit the URL to the file directly: Javascript example:

<script>
if(window.location.href.endsWith('baseView.js'))
{
    window.location = 'www.google.com'
}
</script>

您也可以使用.htaccess文件来执行此操作，这会更好.(尽管我现在无法自己进行测试，但我不确定它是否可以正常工作，并且无法通过php文件调用)

You may also be able to use the .htaccess file to do this, which would be much better. (although I cannot test this myself right now, I'm not sure if it would work and not be invoked through the php file)

注意:这绝不会阻止用户阅读Javascript文件，因此我不确定为什么要这样做.

Note: This will in no way stop users from reading the Javascript file, so I am not sure why you want to do this.

这篇关于拒绝对IIS Web服务器中的JavaScript文件的直接访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！