如何拒绝访问 .htaccess 中的文件 [英] How to deny access to a file in .htaccess

问题描述

我有以下 .htaccess 文件:

I have the following .htaccess file:

RewriteEngine On
RewriteBase /

# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>

# Protect log.txt
<Files ./inscription/log.txt>
Order Allow,Deny
Deny from all
</Files>

# Disable directory browsing
Options All -Indexes

我试图禁止访问者访问以下文件:

I am trying to forbid visitors to access the following file:

domain.com/inscription/log.txt

但我上面的内容不起作用:我仍然可以从浏览器远程访问文件.

but what I have above does not work: I can still access the file from the browser remotely.

推荐答案

在 htaccess 文件中， 指令的范围仅适用于该目录(我想是为了避免混淆子目录的 htaccess 中的规则/指令被应用以取代父目录中的规则/指令).

Within an htaccess file, the scope of the <Files> directive only applies to that directory (I guess to avoid confusion when rules/directives in the htaccess of subdirectories get applied superceding ones from the parent).

所以你可以:

<Files "log.txt">  
  Order Allow,Deny
  Deny from all
</Files>

对于 Apache 2.4+，您可以使用:

For Apache 2.4+, you'd use:

<Files "log.txt">  
  Require all denied
</Files>

在 inscription 目录中的 htaccess 文件中.或者您可以使用 mod_rewrite 来处理拒绝访问 htaccess 文件和 log.txt 的两种情况:

In an htaccess file in your inscription directory. Or you can use mod_rewrite to sort of handle both cases deny access to htaccess file as well as log.txt:

RewriteRule /?.htaccess$ - [F,L]

RewriteRule ^/?inscription/log.txt$ - [F,L]

这篇关于如何拒绝访问 .htaccess 中的文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！