我试图阻止直接访问某些目录,在 Ubuntu 中使用 .htaccess 的文件。我知道这个问题有很多可能重复的问题,但没有一个对我有帮助。
我的目录结构:
---- /var/www/html
- login.html
- private (folder)
-- content.html
-- css / style1.css , style2.css
-- JS / myscript1.js , myscript.js
现在我想阻止对私有(private)文件夹的直接访问。喜欢
10.0.0.1/private - Block or Password required
10.0.0.1/private/css - Block or Password required
10.0.0.1/private/js - Block or Password required
但我需要为 login.html 访问 css ,js 。所以我想允许 login.html 访问这些私有(private)文件夹。
喜欢:
10.0.0.1/index.html - Allow
calling content.html via 10.0.0.1/index.html - Allow
request private/css/style1.css via 10.0.0.1/index.html - Allow
request private/css/style2.css via 10.0.0.1/index.html - Allow
request private/JS/myscript1.js via 10.0.0.1/index.html - Allow
request private/JS/myscript2.js via 10.0.0.1/index.html - Allow
我这样写是为了阻止私有(private)文件夹访问:
<Directory /var/www/html/private/>
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
当我访问 10.0.0.1/private 时,这工作正常。但是当 index.html 请求 css , js 时,这会产生问题。
我如何处理 apache.conf 和 .htacess ?我怎么写规则?
有什么建议 ?
最佳答案
在您要允许的每个文件夹中创建 .htaccess 文件(例如:private/css/.htaccess)
引用:http://httpd.apache.org/docs/2.2/mod/core.html#require
Satisfy Any
Order Allow,Deny
Allow from all
编辑:
Removing controls in subdirectories
The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.
<Directory /path/to/protected/>
Require user david
</Directory>
<Directory /path/to/protected/unprotected>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all
</Directory>
关于html - 如何阻止直接访问 Apache 中的特定目录和文件?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40672208/