.htaccess 限制对文件夹的访问 [英] .htaccess to restrict access to folder

问题描述

我有一个继承(包括)另一个 PHP 文件的 php 文件.所有继承的文件都位于一个名为includes"的文件夹中.我希望能够限制对该文件夹的任何直接访问.只有服务器中的 PHP 文件才能与includes"文件夹中的文件通信.我如何使用 .htaccess 来实现这样的目标?

I have a php file that inherits (includes) another PHP files. All inherited files are located in one folder called "includes". I want to be able to restrict any direct access to this folder. Only PHP files within the server can communicate with the files in the "includes" folder. How can I use .htaccess to accomplish such goal?

仅供参考，我使用了以下代码但它不起作用

FYI, I used the following code and it did not work

Order deny,allow
deny from all

任何帮助将不胜感激

推荐答案

如果您没有选择将includes"文件夹实际移动到文档根区域之外，并使用 include_path(即您不能从网络获取它)，然后输入

If you don't have the option of actually moving the "includes" folder outside of the Document Root area, and using the include_path (i.e. you can't get to it from web), then enter

deny from all

在该目录中的 .htaccess 目录中.

in a .htaccess directory in that directory.

然而，另一种方法是使用 DEFINES 指令只允许特定授权文件访问那些包含程序.例如，把

However, alternative is to use a DEFINES directive to only allow access to those include programs by specific authorised files. For example, put

<?php defined('ACCESS_ALLOWED') or die('Restricted Access'); ?>

在包含文件的顶部，然后放

in the top of the include files, and then put

<?php define('ACCESS_ALLOWED', 1); ?>

在允许包含这些文件的程序中.

in the programs that are allowed to include those files.

这将防止对那些包含文件的随意 GET 运行它们，并且适用于任何 Web 服务器，而不仅仅是那些支持 htaccess 文件的服务器.

This will prevent casual GETs to those include files from running them, and will work for any web server, not just those supporting htaccess files.

这篇关于.htaccess 限制对文件夹的访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！