我在Web文件夹中有以下子文件夹。
我想阻止访问主题文件夹内的任何html文件夹,并仅允许访问所有资产文件夹。
如何使用.htaccess或symfony2访问控制来实现此目的?
您可以使用.htaccess来实现此目的,方法是为用户提供HTTP 403-禁止访问错误(如果他们尝试访问它们):
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
或者,如果您更喜欢404-Not Found:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=404]
既然您提到使用的是Symfony,则还应注意将规则放置在正确的位置,以免其他重写规则接管:
<IfModule mod_rewrite.c>
RewriteEngine On
#Put them first, otherwise they might get routed elsewhere
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
#...
</IfModule>
根据@basit链接的注释和要点,您可以添加其他检查,以确保对resource:的任何请求都存在,实际上是资产文件,并且仅包含在assets文件夹中。
# contents of the gist linked above - in case the link ever breaks
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/themes/stores/(.*)
RewriteCond %{REQUEST_URI} !^/themes/shop/(.*)
RewriteRule .? - [L]
# allow stores asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/stores/(.*)/asset/.*
RewriteRule .? - [L]
# allow shop asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/shop/(.*)/asset/.*
RewriteRule .? - [L]
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句