0

I want to use mod-rewrite block execution of all files except for my bootstrap.php file in the document root, and I also want to block access to all files in the .git folder (also in the document root). Another (probably better solution) would be to allow access only files inside of a directory called public (there are multiple directories called public in different parts of my application), deny direct access to any other file while directing all other requests through my bootstrap.php file. Here's what I have.

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* /bootstrap.php

RewriteCond %{REQUEST_FILENAME} -fd
RewriteRule .*\.php /denied.php

RewriteCond %{REQUEST_FILENAME} -fd
RewriteRule \.git /denied.php

Any suggestions are greatly appreciated.

4

2 回答 2

1

You are NOT allowed to use multiple verification on a condition for files, it would give you an error like bad flag delimiters, if you use it like this:

RewriteCond %{REQUEST_FILENAME} !-fd

So it would be something like this:

Options +FollowSymLinks -MultiViews
RewriteEngine On

# not a existent file
RewriteCond %{REQUEST_FILENAME} !-f
# and not a folder
RewriteCond %{REQUEST_FILENAME} !-d
# and not a symbolic link
RewriteCond %{REQUEST_FILENAME} !-l
# and not bootstrap.php or denied.php
RewriteCond %{REQUEST_FILENAME} !(bootstrap.php|denied.php)$
# redirect to /bootstrap.php
RewriteRule .* /bootstrap.php

# is a existent file
RewriteCond %{REQUEST_FILENAME} -f [OR]
# or directory
RewriteCond %{REQUEST_FILENAME} -d [OR]
# or symbolic link
RewriteCond %{REQUEST_FILENAME} -l
# and not bootstrap.php or denied.php
RewriteCond %{REQUEST_FILENAME} !(bootstrap.php|denied.php)$
# contains .php or .git + anything else redirect to /denied.php
RewriteRule \.(php|git)/?.*$ /denied.php

You can also use the F flag instead which returns a 403 FORBIDDEN response to the client browser. 

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} -l
RewriteCond %{REQUEST_FILENAME} !(bootstrap.php|denied.php)$
RewriteRule \.(php|git)/?.*$ - [F]
于 2013-08-10T01:39:52.443 回答
0

如何限制对某个文件夹的访问的常用方法是将自己的 .htaccess 文件放入该文件夹并使用此代码放入该文件

Order Allow,Deny
Deny from all

这可以防止整个文件夹(以及该文件夹内的所有文件夹)访问(从网络/互联网)。

所以我想如果你会在主文件夹中使用它并修改它,以便它只允许一个文件夹来存储所有“公共访问的文件”(例如图像和 .css),这将是最好的解决方案你。

您可以允许一个这样的文件夹

Order Allow,Deny
Allow /onefoldername
Deny from all

这应该可以防止除名为“onefoldername”的文件夹之外的任何内容从 Web 访问。

于 2013-08-10T01:33:03.420 回答