如果调用方未使用 HTTPS,如何阻止对 PHP 文件的访问? [英] How can I prevent access to PHP files if the caller isn't using HTTPS?
问题描述
我编写了几个 PHP Web 服务,通过 URL 传递参数.为了防止未经授权的访问,我传入了一个唯一的密钥作为参数之一.我通过 HTTPS 调用 PHP 文件,我想知道如果不使用 HTTPS,是否有办法阻止脚本运行.
I have written several PHP web services where I pass in arguments via the URL. To prevent unauthorized access, I pass in a unique key as one of the arguments. I call the PHP file via HTTPS, and I am wondering if there's a way I can prevent the script from running if HTTPS is not used.
推荐答案
稍微偏离主题,但如果您将 PHP 与 Apache Httpd 和 mod_ssl
一起使用,您可以强制 SSL 访问文件(和PHP 脚本)通过放置 SSLRequireSSL
.htaccess
或目录配置中的指令.
Slightly off topic, but if you're using PHP with Apache Httpd and mod_ssl
, you can force SSL access to files (and PHP scripts) by placing the SSLRequireSSL
directive in .htaccess
or in the Directory configuration.
这篇关于如果调用方未使用 HTTPS,如何阻止对 PHP 文件的访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!