Php 防止使用.htaccess直接访问公用文件夹中的文件夹不工作

Php 防止使用.htaccess直接访问公用文件夹中的文件夹不工作,php,.htaccess,web,security,Php,.htaccess,Web,Security,我在公用文件夹中有一个文件夹,我试图阻止用户使用.htaccess文件直接访问此文件夹中的文件 例如,假设我试图阻止的文件夹名为Apple, www.website.com/apples。到目前为止,如果有人输入www.website.com/apples/secretfile.php,则该文件似乎可以在不应该访问的时候访问 我在.htaccess文件中放置的代码如下所示: RewriteEngine on # -FrontPage- IndexIgnore .htaccess */.??*

我在公用文件夹中有一个文件夹,我试图阻止用户使用.htaccess文件直接访问此文件夹中的文件

例如,假设我想保护的文件夹名为 apples,
www.website.com/apples
。到目前为止,如果有人输入
www.website.com/apples/secretfile.php
,该文件仍然可以被直接访问,而它本不应该可以被访问

我在.htaccess文件中放置的代码如下所示:

RewriteEngine on
# -FrontPage-

# IndexIgnore only hides matching names from mod_autoindex directory listings;
# it does not restrict requests for a file by its exact URL.
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
# Code below prevents people listing a directory index of the site's files
# NOTE(review): "IndexIgnore *" hides every entry from a generated listing, but
# a file such as /apples/secretfile.php stays reachable by direct URL. Listings
# are normally switched off with "Options -Indexes"; blocking direct access
# needs an access-control directive (Deny / Require), which this line is not.
IndexIgnore *

# NOTE(review): with "order deny,allow" the Deny directives are evaluated
# first and the Allow directives last, so "allow from all" overrides
# "deny from all": GET and POST are open to every client. This section grants
# access; it restricts nothing, including the apples directory.
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
# Denies PUT and DELETE to everyone. <Limit> covers only the methods it names;
# methods not listed in either section are unaffected by them.
# <LimitExcept GET POST> is the form that denies everything not listed.
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
# NOTE(review): no AuthType or Require directive appears in this listing, so
# these three lines alone do not make Apache ask for credentials.
# NOTE(review): both files sit under public_html/_vti_pvt, which looks like it
# is inside the web root -- confirm that directory is not served over HTTP, or
# keep credential files outside the document root.
AuthName website.com
AuthUserFile /home/username/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/username/public_html/_vti_pvt/service.grp

# Extensionless URLs: serve <name>.php when /<name> is requested.
# NOTE(review): nothing here excludes the apples directory, so
# /apples/secretfile is mapped to /apples/secretfile.php as well. Any rule
# meant to protect that directory has to cover the directory itself, not only
# URLs that end in ".php".
RewriteEngine On
# turn on the mod_rewrite engine
RewriteCond %{REQUEST_FILENAME}.php -f
# IF the request filename with .php extension is a file which exists
RewriteCond %{REQUEST_URI} !/$
# AND the request is not for a directory
RewriteRule (.*) $1\.php [L]
# internally rewrite (no [R] flag, so the client sees no redirect) to the php
# script with the requested filename

RewriteEngine on
# This code prevents hotlinking
# NOTE(review): Referer is a client-supplied header that can be omitted or set
# to any value, so this is a bandwidth deterrent, not access control. The first
# condition deliberately lets requests with an empty Referer through.
RewriteCond %{HTTP_REFERER} !^$
# NOTE(review): the pattern accepts only "http://"; if the site is also served
# over HTTPS, its own pages send an "https://" Referer and get a 403 here.
# The dot in "website.com" is unescaped and matches any character;
# "website\.com" is the stricter form.
RewriteCond %{HTTP_REFERER} !^http://(www\.)?website.com/.*$ [NC]
# Applies only to these four extensions; .php files are not covered.
RewriteRule \.(gif|jpg|js|css)$ - [F]

# Error page redirects
# Each target is a local URL-path (leading slash), which Apache serves through
# an internal redirect: the client keeps the original status code.
# /403.php is the page shown whenever one of the [F] rules or a Deny fires.
ErrorDocument 400 /400.php
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php

# Prevent people from viewing the htaccess file period
# With "order allow,deny" the default is deny and no Allow is given, so every
# request for a file named .htaccess is refused (403).
# Order/Deny is Apache 2.2 syntax; on 2.4 it relies on mod_access_compat, and
# the native equivalent is "Require all denied".
# This is the only real access restriction in the file, and it is scoped to
# .htaccess alone -- the same pattern is what the apples directory needs.
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Bad bot prevention codes
# Returns 403 for every URL when the User-Agent header matches one of the
# patterns below. The conditions are chained with [OR]; the final one (Zeus)
# carries no flag and ends the chain.
# NOTE(review): User-Agent is chosen by the client, so this only filters tools
# that announce themselves honestly. It is not an access control and does
# nothing to protect a private directory.
# Patterns starting with ^ are case-sensitive prefix matches; only the HTTrack
# and Indy Library entries are unanchored and case-insensitive ([NC]).
RewriteEngine On 
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
# "-" leaves the URL untouched; [F] answers 403 Forbidden and [L] stops
# further rule processing for this request.
RewriteRule ^.* - [F,L]
重新编写引擎打开
#-首页-
IndexIgnore.htaccess*/.??**~*#*/HEADER**/README**/\u vti*
#下面的代码阻止人们列出网站文件的目录索引
IndexIgnore*
命令拒绝,允许
全盘否定
通融
命令拒绝,允许
全盘否定
AuthName网站
AuthUserFile/home/username/public_html/_vti_pvt/service.pwd
AuthGroupFile/home/username/public_html/_vti_pvt/service.grp
重新启动发动机
#打开mod_重写引擎
RewriteCond%{REQUEST_FILENAME}.php-f
#如果扩展名为.php的请求文件名是存在的文件
重写cond%{REQUEST_URI}/$
#并且请求不是为了一个目录
重写规则(.*)$1\.php[L]
#重定向到带有请求文件名的php脚本
重新启动发动机
#此代码防止热链接
重写cond%{HTTP_REFERER}^$
重写cond%{HTTP_REFERER}^http://(www\)?website.com/*$[NC]
重写规则\(gif | jpg | js | css)$-[F]
#错误页面重定向
ErrorDocument 400/400.php
ErrorDocument 401/401.php
ErrorDocument 403/403.php
ErrorDocument 404/404.php
ErrorDocument 500/500.php
#禁止人们查看htaccess文件期间
命令允许,拒绝
全盘否定
#错误的bot预防代码
重新启动发动机
重写COND%{HTTP_用户_代理}^黑寡妇[或]
重写cond%{HTTP\u USER\u AGENT}^Bot\mailto:craftbot@yahoo.com[或]
RewriteCond%{HTTP\u USER\u AGENT}^ChinaClaw[或]
RewriteCond%{HTTP\u USER\u AGENT}^Custo[或]
RewriteCond%{HTTP\u USER\u AGENT}^DISCo[或]
RewriteCond%{HTTP\u USER\u AGENT}^Download\Demon[或]
RewriteCond%{HTTP_USER_AGENT}^eCatch[或]
RewriteCond%{HTTP\u USER\u AGENT}^EirGrabber[或]
RewriteCond%{HTTP\u USER\u AGENT}^电子邮件虹吸[或]
RewriteCond%{HTTP\u USER\u AGENT}^EmailWolf[或]
RewriteCond%{HTTP\u USER\u AGENT}^Express\WebPictures[或]
RewriteCond%{HTTP\u USER\u AGENT}^ExtractorPro[OR]
RewriteCond%{HTTP\u USER\u AGENT}^EyeNetIE[或]
RewriteCond%{HTTP\u USER\u AGENT}^FlashGet[或]
RewriteCond%{HTTP\u USER\u AGENT}^GetRight[或]
重写cond%{HTTP\u USER\u AGENT}^GetWeb![或]
重写cond%{HTTP\u USER\u AGENT}^Go!齐拉[或]
RewriteCond%{HTTP\u USER\u AGENT}^继续,明白了[或]
RewriteCond%{HTTP\u USER\u AGENT}^GrabNet[或]
RewriteCond%{HTTP\u USER\u AGENT}^Grafula[或]
RewriteCond%{HTTP\u USER\u AGENT}^HMView[或]
RewriteCond%{HTTP\u USER\u AGENT}HTTrack[NC,或]
RewriteCond%{HTTP\u USER\u AGENT}^Image\Stripper[或]
RewriteCond%{HTTP\u USER\u AGENT}^Image\Sucker[或]
RewriteCond%{HTTP\u USER\u AGENT}Indy\Library[NC,或]
RewriteCond%{HTTP\u USER\u AGENT}^InterGET[或]
重写COND%{HTTP_用户_代理}^Internet\Ninja[或]
RewriteCond%{HTTP\u USER\u AGENT}^JetCar[或]
RewriteCond%{HTTP\u USER\u AGENT}^JOC\Web\Spider[或]
RewriteCond%{HTTP\u USER\u AGENT}^larbin[或]
RewriteCond%{HTTP\u USER\u AGENT}^LeechFTP[或]
RewriteCond%{HTTP\u USER\u AGENT}^Mass\Downloader[或]
RewriteCond%{HTTP\u USER\u AGENT}^MIDown\tool[或]
RewriteCond%{HTTP\u USER\u AGENT}^Mister\PiX[或]
RewriteCond%{HTTP_USER_AGENT}^Navroad[OR]
RewriteCond%{HTTP\u USER\u AGENT}^NearSite[或]
RewriteCond%{HTTP\u USER\u AGENT}^NetAnts[或]
RewriteCond%{HTTP_USER_AGENT}^NetSpider[或]
RewriteCond%{HTTP\u USER\u AGENT}^Net\Vampire[或]
RewriteCond%{HTTP\u USER\u AGENT}^NetZIP[或]
重写Cond%{HTTP_用户_代理}^八达通[或]
RewriteCond%{HTTP\u USER\u AGENT}^Offline\Explorer[或]
RewriteCond%{HTTP\u USER\u AGENT}^Offline\Navigator[或]
RewriteCond%{HTTP\u USER\u AGENT}^PageGrabber[或]
重写cond%{HTTP\u USER\u AGENT}^Papa\Foto[或]
RewriteCond%{HTTP_USER_AGENT}^pavuk[或]
RewriteCond%{HTTP_USER_AGENT}^pcBrowser[或]
RewriteCond%{HTTP\u USER\u AGENT}^RealDownload[或]
RewriteCond%{HTTP\u USER\u AGENT}^ReGet[或]
RewriteCond%{HTTP_用户_代理}^SiteSnagger[或]
RewriteCond%{HTTP\u USER\u AGENT}^智能下载[或]
RewriteCond%{HTTP\u USER\u AGENT}^SuperBot[或]
RewriteCond%{HTTP\u USER\u AGENT}^superhattp[或]
RewriteCond%{HTTP\u USER\u AGENT}^Surfbot[或]
RewriteCond%{HTTP\u USER\u AGENT}^抽头[或]
RewriteCond%{HTTP\u USER\u AGENT}^Teleport\Pro[或]
RewriteCond%{HTTP_USER_AGENT}^VoidEYE[或]
RewriteCond%{HTTP\u USER\u AGENT}^Web\Image\Collector[或]
RewriteCond%{HTTP\u USER\u AGENT}^Web\Sucker[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebAuto[或]
RewriteCond%{HTTP_USER_AGENT}^WebCopier[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebFetch[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebGo\IS[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebLeacher[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebReaper[或]
RewriteCond%{HTTP_USER_AGENT}^WebSauger[或]
RewriteCond%{HTTP\u USER\u AGENT}^网站\提取器[或]
重写COND%{HTTP_用户_代理}^网站\Quester[或]
RewriteCond%{HTTP_USER_AGENT}^WebStripper[或]
RewriteCond%{HTTP_USER_AGENT}^WebWhacker[或]
RewriteCond%{HTTP\u USER\u AGENT}^WebZIP[或]
RewriteCond%{HTTP\u USER\u AGENT}^Wget[或]
RewriteCond%{HTTP\u USER\u AGENT}^寡妇[或]
RewriteCond%{HTTP\u USER\u AGENT}^WWWOFFLE[或]
RewriteCond%{HTTP_USER_AGENT}^Xaldon\WebSpider[或]
重写cond%{HTTP\u USER\u AGENT}^Zeus
重写规则^.*-[F,L]

那么我遗漏了什么?它仍然允许人们通过输入完整地址来访问该文件夹中的文件,而据我所知,它不应该允许这样做。

在目录 apples 中,放置一个包含以下指令的 .htaccess 文件:

# Refuses every HTTP request for this directory and everything below it.
# This is Apache 2.2 syntax (on 2.4 it needs mod_access_compat); the native
# 2.4 equivalent is "Require all denied".
# It only takes effect if the server configuration's AllowOverride permits it
# for this path (Limit for Deny, AuthConfig for Require).
Deny from all
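即使 apples 位于公用文件夹中,apples 中的任何内容也将无法通过 HTTP 访问,因为该目录下的 .htaccess 会覆盖上级目录的设置。前提是服务器配置中的 AllowOverride 允许该 .htaccess 生效。此外,这只阻止来自浏览器的直接请求,服务器上的 PHP 脚本仍然可以通过文件系统 include 这些文件;更稳妥的做法是把不应公开的文件放到网站根目录之外。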

如果您已经拥有ht
Deny from all
xampp installation directory/apache/conf
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit

# NOTE(review): with "None", Apache ignores .htaccess files for this path, so a
# "Deny from all" placed in apples/.htaccess has no effect. Presumably the
# answer means this value has to change -- confirm against the full answer.
# Order/Allow/Deny need at least "Limit"; granting only the keywords actually
# required is narrower than "All". The deny rule can also go directly into a
# <Directory> block in the server configuration, which needs no override.
AllowOverride None
# Answers 404 for /apples and everything below it, so the response does not
# reveal that the directory exists (a Deny rule would answer 403 instead).
# NOTE(review): the pattern is unanchored, so it also matches "/apples" deeper
# in a path (for example /x/apples/); "^/apples(/|$)" limits it to the
# top-level directory.
RedirectMatch 404 /apples(/|$)
Deny from all