如何使用.htaccess保护服务器目录 [英] how to protect server directory using .htaccess
问题描述
image.php
如果用户登录,则由脚本处理
login.php
所有这些脚本都存储在名为脚本
如何确保有人无法访问这些页面,但仍然确保系统可以使用这些页面?我想确保PHP页面将接受帖子值,获取值并可以重定向到其他页面,但不能通过地址栏直接访问或下载?
我尝试使用.htaccess阻止使用 deny从所有和限制GET,POST 访问,但这阻止了系统工作,因为我无法访问这些文件。
使用htaccess阻止文件会使请求者无法访问文件,例如页面的访问者。因此,您需要一个代理文件将访问者的请求传递给文件。为此,请查看 MVC模式和前端控制器模式。
基本上,您想要做的是将所有请求路由到单个入口点,例如index.php并从那里决定,调用哪个动作(您的脚本)来处理请求。那么你可以将你的脚本和模板放在可公开访问的文件夹之外,或者如果这是不可能的(在某些共享的主机上),就像你已经做过的那样保护htaccess的文件夹(DENY FROM ALL)然后。 / p>
要使用上传脚本,您将有一个像 http://example.com/index.php?action=upload 。
一个超简单的FrontController就像
$ scriptPath ='path / to / your / scripts / directory /';
$ defaultAction ='action404.php';
$ requestedAction = $ _GET ['action']; //你可能想要清理这个
开关($ action){
case'upload':
$ actionScript ='image.php';
break;
case'login':
$ actionScript ='login.php';
break;
默认值:
$ actionScript = $ defaultAction;
}
包含$ scriptPath。 $动作;
退出;
然后,您的ActionScript会执行所需的一切操作,包括重定向,数据库访问,身份验证,上传内容,渲染模板等 - 无论您认为必要。上面示例中的默认操作可能如下所示:
<?php // action404.php
header ('HTTP / 1.1 404 File Not Found');
fpassthru('path / to / template / directory / error404.html');
有 PHP中的FrontController模式的许多实现。一些简单,有些复杂。 CodeIgniter框架使用轻量级的MVC / FrontController实现,如果这是新的,则可能不会太过于压倒性。 / p>
像以上建议的Atli一样,您可以使用 mod_rewrite 强制所有请求到index.php,您也可以使用它让你的网址漂亮这是MVC框架的常见做法,已被广泛的覆盖在这里和其他地方。
I have designed a website, and within it I have a range of PHP scripts which interact with my system. For example, if a user uploads an image, this is processed by the script
image.php
and if a user logs in this is processed by the script
login.php
All these scripts are stored in the folder called: scripts
How do I ensure someone cannot access these pages, however still ensure they can be used by the system? I want to ensure the PHP pages will accept post values, get values and can redirect to other pages, but not be directly accessed via the address bar or downloaded?
I attempted to block access using .htaccess using deny from all and Limit GET, POST but this prevented the system from working as I could not access those files at all.
Blocking files with htaccess makes the files inaccessible to the requestor, e.g. the visitor of the page. So you need a proxy file to pass the visitor's request to the files. For that, have a look at the MVC pattern and the Front Controller pattern.
Basically, what you will want to do is route all requests to a single point of entry, e.g. index.php and decide from there, which action(your scripts) is called to process the request. Then you could place your scripts and templates outside the publicly accessible folder or, if that is impossible (on some shared hosts), protect the folders with htaccess like you already did (DENY FROM ALL) then.
To use the upload script you'd have a URL like http://example.com/index.php?action=upload.
A supersimple FrontController is as easy as
$scriptPath = 'path/to/your/scripts/directory/';
$defaultAction = 'action404.php';
$requestedAction = $_GET['action']; // you might want to sanitize this
switch($action) {
case 'upload':
$actionScript = 'image.php';
break;
case 'login':
$actionScript = 'login.php';
break;
default:
$actionScript = $defaultAction;
}
include $scriptPath . $actionScript;
exit;
Your actionScript would then do everything you need to do with the request, including redirection, db access, authentication, uploading stuff, rendering templates, etc - whatever you deem necessary. The default action in the example above could look like this:
<?php // action404.php
header('HTTP/1.1 404 File Not Found');
fpassthru('path/to/template/directory/error404.html');
There is numerous implementations of the FrontController pattern in PHP. Some simple, some complex. The CodeIgniter framework uses a lightweight MVC/FrontController implementation that might not be too overwhelming if this is new to to you.
Like Atli above suggested, you could use mod_rewrite to force all requests to index.php and you could also use it to pretty up your URLs. This is common practice with MVC frameworks and has been covered extensively here and elsewhere.
这篇关于如何使用.htaccess保护服务器目录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
