如果调用者未使用HTTPS,如何阻止访问PHP文件? [英] How can I prevent access to PHP files if the caller isn't using HTTPS?
问题描述
我已经编写了几个PHP Web服务,我通过URL传递参数。为了防止未经授权的访问,我传入一个唯一的密钥作为其中一个参数。我通过HTTPS调用PHP文件,我想知道如果没有使用HTTPS,我是否可以阻止脚本运行。
I have written several PHP web services where I pass in arguments via the URL. To prevent unauthorized access, I pass in a unique key as one of the arguments. I call the PHP file via HTTPS, and I am wondering if there's a way I can prevent the script from running if HTTPS is not used.
推荐答案
稍微偏离主题,但如果您使用PHP与Apache Httpd和 mod_ssl
,则可以通过放置<强制SSL访问文件(和PHP脚本) a href =http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl =noreferrer> SSLRequireSSL
指令在 .htaccess
或目录配置中。
Slightly off topic, but if you're using PHP with Apache Httpd and mod_ssl
, you can force SSL access to files (and PHP scripts) by placing the SSLRequireSSL
directive in .htaccess
or in the Directory configuration.
这篇关于如果调用者未使用HTTPS,如何阻止访问PHP文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!