哪种方法更安全/适合使用的.htaccess阻止访问到一个子目录?子目录、哪种、适合、方法
我试图使用的.htaccess 来阻止外部访问我的网站的 /包括/ 目录只包括处理 PHP 文件。下面的'工作',但是这两种方法的我preFER后者的,因为它不会留下一个错误页面的用户。任何人都可以让我知道如果这是不太安全?
I'm trying to use .htaccess to block external access to my website's /includes/ directory which only includes processing PHP files. Both methods below 'work' but I prefer the latter because it doesn't leave the user with a error page. Can anybody let me know if it is less secure?
是更好地使用这样的:
<Directory "/includes">
Deny from all
</Directory>
或者这样:
RedirectMatch 301 ^/includes/.*$ http://www.mymainurl.com
或者是其他什么东西比较合适?
Or is something else more appropriate?
该网站的内容是动态通过index.php的服务,所以在文件/包括/ 文件夹,需要通过 PHP 的include函数。
The website content is dynamically served by an index.php, so files within the /includes/ folder need to remain accessible via PHP's include function.
推荐答案
另外,你可以返回404,使人们认为包括目录不存在一样:
Alternatively, you can return a 404 to make people think the includes directory doesn't even exist:
RewriteEngine On
RewriteRule ^includes/ - [L,R=404]
