如何拒绝访问 .htaccess 中的文件 [英] How to deny access to a file in .htaccess
问题描述
我有以下 .htaccess 文件:
I have the following .htaccess file:
RewriteEngine On
RewriteBase /
# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
# Protect log.txt
<Files ./inscription/log.txt>
Order Allow,Deny
Deny from all
</Files>
# Disable directory browsing
Options All -Indexes
我试图禁止访问者访问以下文件:
I am trying to forbid visitors to access the following file:
domain.com/inscription/log.txt
但我上面的内容不起作用:我仍然可以从浏览器远程访问文件.
but what I have above does not work: I can still access the file from the browser remotely.
推荐答案
在 htaccess 文件中,
指令的范围仅适用于该目录(我想是为了避免混淆子目录的 htaccess 中的规则/指令被应用以取代父目录中的规则/指令).
Within an htaccess file, the scope of the <Files>
directive only applies to that directory (I guess to avoid confusion when rules/directives in the htaccess of subdirectories get applied superceding ones from the parent).
所以你可以:
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>
对于 Apache 2.4+,您可以使用:
For Apache 2.4+, you'd use:
<Files "log.txt">
Require all denied
</Files>
在 inscription
目录中的 htaccess 文件中.或者您可以使用 mod_rewrite 来处理拒绝访问 htaccess 文件和 log.txt 的两种情况:
In an htaccess file in your inscription
directory. Or you can use mod_rewrite to sort of handle both cases deny access to htaccess file as well as log.txt:
RewriteRule /?.htaccess$ - [F,L]
RewriteRule ^/?inscription/log.txt$ - [F,L]
这篇关于如何拒绝访问 .htaccess 中的文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!