PHP / Apache拒绝文件夹访问用户而不是脚本 [英] PHP/Apache Deny folder access to user but not to script
问题描述
所以我有这个php网络应用程序,我的一个文件夹包含一些可以下载的文件。
So I have this php web app, and one of my folder contains some files that can be downloaded.
我有一个下载脚本来修改头文件为了总是提供一个下载链接。 (而不是显示图片,例如,当您点击链接时,会弹出一个下载框)
I have a download script that modifies the headers, in order to always offer a download link. (instead of showing a picture for example, when you click on a link, a download box pops out)
现在,如果您输入如下URL: http://www.mywebsite.com/content/
您可以获得所有可下载的列表文件,当然,您可以直接下载它们,而无需通过网站界面。
Right now, if you enter a url like: http://www.mywebsite.com/content/ You get the listing of all the downloadable files, and of course, you can just download them all, without going through the website interface.
我个人认为这不是一个问题,因为我经常使用这种类型的访问是一个很好的节省时间....
Personally, I don't think it's a problem, since I often use downthemall or other downloading tool, and this type of access is a great time saver....
但是我的公司当然不这么认为:要使用界面才能查看广告...
But of course my company does not think so :-p They want people to use the interface in order to view the Ads...
他们会是一种方式,也许有一个受保护的.htaccess,让文件夹访问我的下载脚本,但拒绝访问用户??
Would they be a way, maybe with a protected .htaccess, to leave the folder access to my download script, but deny access to the users...?
我希望我有意义,你知道我的意思:)
I hope I am making sense and you know what I mean :)
所有帮助/评论赞赏!
推荐答案
您可以设置 .htaccess 文件,然后输入 Options -Indexes
的目录中的文件。
You can make a .htaccess file and enter Options -Indexes
this will disable listing of the files in the directory.
如果您还需要流量从您的网站发起,您将需要创建一个文件... index.php 包含检查 $ _ SERVER ['HTTP_REFERER']
的代码,以查看流量是否源自您的网站。
If you also need the traffic to originate from your site you will need to make a file say... index.php with code that checks $_SERVER['HTTP_REFERER']
to see if the traffic originates from your site.
编辑
哦,我忘了你真的可以在.htaccess中修复:
Oh I forgot you can actually fix it all in the .htaccess:
Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://your-host.com/.*$ [NC]
RewriteRule ^.* /403-page [L,R]
我建议的脚本的工作,所以你不再需要它了。
This will do all the work of the script I suggested, so you won't need it anymore.
这篇关于PHP / Apache拒绝文件夹访问用户而不是脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!