symfony2 .htaccess web 文件夹阻止访问某些子文件夹
symfony2 .htaccess web folder block access to some sub folder
我在 web 文件夹中有以下子文件夹。
- /themes/shop/1/html
- /themes/shop/1/asset
- /themes/shop/2/html
- /themes/shop/2/asset
我想阻止访问主题文件夹内的任何 html 文件夹,只允许访问所有资产文件夹。
如何使用 .htaccess 或 symfony2 访问控制实现此目的?
您可以使用 .htaccess 执行此操作,方法是向用户提供 HTTP 403 - 如果他们尝试访问它们,将出现禁止错误:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
或者,如果您更喜欢 404 - 未找到:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=404]
既然你提到你正在使用 Symfony,你还应该注意将规则放在正确的位置,以免其他重写规则接管:
<IfModule mod_rewrite.c>
RewriteEngine On
#Put them first, otherwise they might get routed elsewhere
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
#...
</IfModule>
根据评论和 a gist linked by @basit:您可以添加额外的检查以确保对资源的任何请求:存在,实际上是资产文件,并且仅包含在资产文件夹中。
# contents of the gist linked above - in case the link ever breaks
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/themes/stores/(.*)
RewriteCond %{REQUEST_URI} !^/themes/shop/(.*)
RewriteRule .? - [L]
# allow stores asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/stores/(.*)/asset/.*
RewriteRule .? - [L]
# allow shop asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/shop/(.*)/asset/.*
RewriteRule .? - [L]
我在 web 文件夹中有以下子文件夹。
- /themes/shop/1/html
- /themes/shop/1/asset
- /themes/shop/2/html
- /themes/shop/2/asset
我想阻止访问主题文件夹内的任何 html 文件夹,只允许访问所有资产文件夹。
如何使用 .htaccess 或 symfony2 访问控制实现此目的?
您可以使用 .htaccess 执行此操作,方法是向用户提供 HTTP 403 - 如果他们尝试访问它们,将出现禁止错误:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
或者,如果您更喜欢 404 - 未找到:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=404]
既然你提到你正在使用 Symfony,你还应该注意将规则放在正确的位置,以免其他重写规则接管:
<IfModule mod_rewrite.c>
RewriteEngine On
#Put them first, otherwise they might get routed elsewhere
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
#...
</IfModule>
根据评论和 a gist linked by @basit:您可以添加额外的检查以确保对资源的任何请求:存在,实际上是资产文件,并且仅包含在资产文件夹中。
# contents of the gist linked above - in case the link ever breaks
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/themes/stores/(.*)
RewriteCond %{REQUEST_URI} !^/themes/shop/(.*)
RewriteRule .? - [L]
# allow stores asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/stores/(.*)/asset/.*
RewriteRule .? - [L]
# allow shop asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/shop/(.*)/asset/.*
RewriteRule .? - [L]