0

I've got the following htaccess file in my website's root folder:

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files
<Files *.html>
    allow from all
</Files>

I do this to prevent access to everything but html files. However, it also seems to be preventing index.html from loading automatically (eg. navigating to http://www.website.com fails). But if I specifically request index.html (eg. http://www.website.com/index.html), I can access it.

How can I deny access to everything but html files and still have index.html load automatically?

4

2 回答 2

1

I think you have to use the DirectoryIndex directive in your .htaccess file:

DirectoryIndex index.html
于 2013-07-13T07:34:31.260 回答
0

I was able to add a FilesMatch rule to get this working:

# Deny access to everything by default
Order Deny,Allow
deny from all

# Enable the redirect to index.html
<FilesMatch ^$>
    allow from all
</FilesMatch>

# Allow access to html files
<Files *.html>
    allow from all
</Files>

This essentially allows anything matching an empty request path. I believe the problem here was that the allow/deny rules were being applied to the incoming request before the automatic index redirect was applied. So essentially the request for http://www.website.com/ would come in, not match any of the whitelisted file types, and be denied by the blanket deny from all statement. Apparently this was short-circuiting the request at that point - before it could be automatically redirected to a request for index.html, which would have been allowed.

于 2013-07-14T08:10:16.797 回答