拒绝子目录 htaccess 中的所有内容，而不是覆盖根 htaccess 中的文件规则 [英] Deny from all in subdirectory htaccess not overriding file rules in root htaccess

问题描述

我遇到了一种情况，我试图拒绝访问我网站子目录中的所有文件.我已经向这个子目录添加了一个 htaccess 文件，并向它添加了拒绝所有指令.但是，我在站点根目录中还有一个 htaccess 文件，它允许特定的文件类型，而且这些文件类型似乎仍然可以在子目录中访问，即使我不再希望它们成为.我有一个解决方法(见下文)，但我觉得必须有更好的方法.这是我的两个 htaccess 文件:

I've got a situation where I'm trying to deny access to all files in a subdirectory of my website. I have added an htaccess file to this subdirectory and added a deny from all directive to it. However, I also have an htaccess file in the site root, which allows specific file types, and it seems like these file types are still accessible in the subdirectory even though I no longer want them to be. I have a workaround for this (see below), but I feel like there must be a better way. Here are my two htaccess files:

根 .htaccess

Root .htaccess

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files
<Files *.html>
    allow from all
</Files>

子目录.htaccess

Subdirectory .htaccess

# Deny access to everything
deny from all

解决方法:

子目录.htaccess

Subdirectory .htaccess

# Deny access to everything
Order Allow,Deny
deny from all
<Files *.*>
    deny from all
</Files>

这符合我的要求，但我觉得应该有一种方法可以使所有声明中的否认自行起作用.有谁知道怎么做?

This does what I want, but I feel like there should be a way to make the deny from all statement work by itself. Does anyone know how?

推荐答案

你可以像这样拥有你的 Root .htaccess

You can have your Root .htaccess like this

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files
<Files *.html>
    allow from all
</Files>

# Deny access to sub directory
<Files subdirectory/*>
    deny from all
</Files>

子目录中不需要单独的.htaccess.

There is no need for a separate .htaccess in the sub directory.

在第一种情况下，您允许访问根目录中 .htaccess 中的所有 html 文件，而不是在子目录中的任何位置拒绝它.Apache 解析您的所有规则并使用最后一个匹配规则，这与防火墙(使用第一个规则匹配命中)不同.先读全局规则，再读具体规则.

You are allowing access to all html files in your .htaccess in the Root Directory and not denying it anywhere in the sub directory in the first case. Apache parses all your rules and uses the last matching rule, unlike firewalls (which uses the first rule match hit). The global rules are read first and the the specific rules later.

这篇关于拒绝子目录 htaccess 中的所有内容，而不是覆盖根 htaccess 中的文件规则的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！