我试图使用的.htaccess
来阻止外部访问我的网站的 /包括/
目录只包括处理 PHP
文件。下面的'工作',但是这两种方法的我preFER后者的,因为它不会留下一个错误页面的用户。任何人都可以让我知道如果这是不太安全?
I'm trying to use .htaccess
to block external access to my website's /includes/
directory which only includes processing PHP
files. Both methods below 'work' but I prefer the latter because it doesn't leave the user with a error page. Can anybody let me know if it is less secure?
是更好地使用这样的:
<Directory "/includes">
Deny from all
</Directory>
或者这样:
RedirectMatch 301 ^/includes/.*$ http://www.mymainurl.com
或者是其他什么东西比较合适?
Or is something else more appropriate?
该网站的内容是动态通过index.php的服务,所以在文件/包括/
文件夹,需要通过 PHP 的include函数。
The website content is dynamically served by an index.php, so files within the /includes/
folder need to remain accessible via PHP
's include function.
另外,你可以返回404,使人们认为包括目录不存在一样:
Alternatively, you can return a 404 to make people think the includes directory doesn't even exist:
RewriteEngine On
RewriteRule ^includes/ - [L,R=404]