.htaccess:要求所有拒绝不尊重
.htaccess: Require all denied not respected
我已经阅读了面包师的许多类似问题,其中发现的常见问题并没有帮助我解决这个问题。我真的需要一些帮助来解决这个问题。接下来我应该尝试什么?有没有办法解决为什么不遵守这些规则?
这是 Inmotion 主机 vps 上的 Wordpress 环境,使用 WHM/cPanel 和 Apache 2.4。 Nginx 未用于缓存此帐户。
我需要拒绝访问子目录中的 PDF,特别是:
/public_html/wp-content/uploads/gravity_forms/fillablepdfs/
我的网站根目录.htaccess如下
/public_html/.htaccess
AllowOverride All
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
我在 web-root .htaccess 和相关目录路径中的子目录中尝试了很多组合。
这些没有用:
/public_html/wp-content/uploads/gravity_forms/fillablepdfs/.htaccess
Order deny,allow
Deny from all
Require all denied
<Files "*.pdf">
Order deny,allow
Deny from all
</Files>
<Files "*.pdf">
Require all denied
</Files>
在这些失败后,我向上移动目录尝试相同的操作,直到我再次到达 web-root .htaccess,在那里我尝试了以下操作。
/public_html/.htaccess
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
Require all denied
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
Order deny,allow
Deny from all
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "wp-content/uploads/gravity_forms/fillablepdfs/*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "./wp-content/uploads/gravity_forms/fillablepdfs/*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
None 个有效。
路径上还有另外两个 .htaccess 文件。他们是:
/public_html/wp-content/uploads/.htaccess
# BEGIN WebP Express
# The rules below have been dynamically created by WebP Express in accordance with the plugin settings
# DO NOT EDIT MANUALLY (unless you are prepared that your changes might be overridden by WebP Express)
# The following parameters have been in play to produce the rules:
#
# WebP Express options:
# - Operation mode: varied-image-responses
# - Redirection to existing webp: enabled
# - Redirection to converter: enabled
# - Redirection to converter to create missing webp files upon request for the webp: enabled
# - Destination folder: separate
# - Destination extension: append
# - Destination structure: image-roots
# - Image types: jpeg, png
# - Alter HTML enabled?: yes
#
# Wordpress/Server configuration:
# - Document root availablity: Available and its "realpath" is available too. Can be used for structuring cache dir.
#
# .htaccess capability test results:
# - mod_header working?: yes
# - pass variable from .htaccess to script through header working?: no
# - pass variable from .htaccess to script through environment variable working?: yes
#
# Role of the dir that this .htaccess is located in:
# - Is this .htaccess in a dir containing source images?: yes
# - Is this .htaccess in a dir containing webp images?: no
# Rules for handling requests for source images
# ---------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine On
# Escape hatch #1: Adding ?dontreplace to an url can be used to bypass redirection
RewriteCond %{QUERY_STRING} dontreplace$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
# Escape hatch #2: Placing an empty file in the same folder as the jpeg/png which has same file name, but ".dontreplace" appended will bypass redirection
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteCond %1%2\.dontreplace -f
RewriteRule . - [L]
# Deprecated escape hatch: Adding ?original to an url can be used to bypass redirection
RewriteCond %{QUERY_STRING} original$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
# Deprecated escape hatch: Placing an empty file in the same folder as the jpeg/png which has same file name, but ".do-not-convert" appended will bypass redirection
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteCond %1%2\.do-not-convert -f
RewriteRule . - [L]
# Avoid redirecting to webp files that are bigger than the original
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(/home/***/public_html/wp-content/uploads/)(.*)(\.jpe?g|\.png)$
RewriteCond /home/***/public_html/wp-content/webp-express/webp-images-bigger-than-source/uploads/%2%3.webp -f
RewriteRule . - [L]
# Redirect to existing converted image in cache-dir (if browser supports webp)
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(/home/***/public_html/wp-content/uploads/)(.*)(\.jpe?g|\.png)$
RewriteCond /home/***/public_html/wp-content/webp-express/webp-images/uploads/%2%3.webp -f
RewriteRule (?i)(.*)(\.jpe?g|\.png)$ /wp-content/webp-express/webp-images/uploads/%2%3\.webp [T=image/webp,E=EXISTING:1,E=ADDVARY:1,L]
# Redirect images to webp-on-demand.php (if browser supports webp)
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteRule (?i).*$ /wp-content/plugins/webp-express/wod/webp-on-demand.php [E=WE_WP_CONTENT_REL_TO_WE_PLUGIN_DIR:../../,E=WE_SOURCE_REL_HTACCESS:[=20=],E=WE_HTACCESS_ID:uploads,NC,L]
# Make sure that browsers which does not support webp also gets the Vary:Accept header
# when requesting images that would be redirected to webp on browsers that does.
<IfModule mod_headers.c>
<FilesMatch "(?i)\.(jpe?g|png)$">
Header append "Vary" "Accept"
</FilesMatch>
</IfModule>
</IfModule>
# END WebP Express
/public_html/wp-content/uploads/gravity_forms/.htaccess
# BEGIN Gravity Forms
# The directives (lines) between "BEGIN Gravity Forms" and "END Gravity Forms" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# Disable parsing of PHP for some server configurations. This file may be removed or modified on certain server configurations by using by the gform_upload_root_htaccess_rules filter. Please consult your system administrator before removing this file.
<Files *>
SetHandler none
SetHandler default-handler
Options -ExecCGI
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
<IfModule headers_module>
Header set X-Robots-Tag "noindex"
</IfModule>
# END Gravity Forms
Nginx 配置为绕过 Apache 以“加速静态内容”。
禁用它允许 .htaccess 文件在 .txt、.pdf 等上运行...
我已经阅读了面包师的许多类似问题,其中发现的常见问题并没有帮助我解决这个问题。我真的需要一些帮助来解决这个问题。接下来我应该尝试什么?有没有办法解决为什么不遵守这些规则?
这是 Inmotion 主机 vps 上的 Wordpress 环境,使用 WHM/cPanel 和 Apache 2.4。 Nginx 未用于缓存此帐户。
我需要拒绝访问子目录中的 PDF,特别是:
/public_html/wp-content/uploads/gravity_forms/fillablepdfs/
我的网站根目录.htaccess如下
/public_html/.htaccess
AllowOverride All
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
我在 web-root .htaccess 和相关目录路径中的子目录中尝试了很多组合。
这些没有用:
/public_html/wp-content/uploads/gravity_forms/fillablepdfs/.htaccess
Order deny,allow
Deny from all
Require all denied
<Files "*.pdf">
Order deny,allow
Deny from all
</Files>
<Files "*.pdf">
Require all denied
</Files>
在这些失败后,我向上移动目录尝试相同的操作,直到我再次到达 web-root .htaccess,在那里我尝试了以下操作。
/public_html/.htaccess
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
Require all denied
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
Order deny,allow
Deny from all
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "wp-content/uploads/gravity_forms/fillablepdfs/*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
AllowOverride All
. . .
# BEGIN fillable-pdfs
# Restrict access to generated pdfs directory.
<Files "./wp-content/uploads/gravity_forms/fillablepdfs/*.pdf">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END fillable-pdfs
None 个有效。
路径上还有另外两个 .htaccess 文件。他们是:
/public_html/wp-content/uploads/.htaccess
# BEGIN WebP Express
# The rules below have been dynamically created by WebP Express in accordance with the plugin settings
# DO NOT EDIT MANUALLY (unless you are prepared that your changes might be overridden by WebP Express)
# The following parameters have been in play to produce the rules:
#
# WebP Express options:
# - Operation mode: varied-image-responses
# - Redirection to existing webp: enabled
# - Redirection to converter: enabled
# - Redirection to converter to create missing webp files upon request for the webp: enabled
# - Destination folder: separate
# - Destination extension: append
# - Destination structure: image-roots
# - Image types: jpeg, png
# - Alter HTML enabled?: yes
#
# Wordpress/Server configuration:
# - Document root availablity: Available and its "realpath" is available too. Can be used for structuring cache dir.
#
# .htaccess capability test results:
# - mod_header working?: yes
# - pass variable from .htaccess to script through header working?: no
# - pass variable from .htaccess to script through environment variable working?: yes
#
# Role of the dir that this .htaccess is located in:
# - Is this .htaccess in a dir containing source images?: yes
# - Is this .htaccess in a dir containing webp images?: no
# Rules for handling requests for source images
# ---------------------------------------------
<IfModule mod_rewrite.c>
RewriteEngine On
# Escape hatch #1: Adding ?dontreplace to an url can be used to bypass redirection
RewriteCond %{QUERY_STRING} dontreplace$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
# Escape hatch #2: Placing an empty file in the same folder as the jpeg/png which has same file name, but ".dontreplace" appended will bypass redirection
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteCond %1%2\.dontreplace -f
RewriteRule . - [L]
# Deprecated escape hatch: Adding ?original to an url can be used to bypass redirection
RewriteCond %{QUERY_STRING} original$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule . - [L]
# Deprecated escape hatch: Placing an empty file in the same folder as the jpeg/png which has same file name, but ".do-not-convert" appended will bypass redirection
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteCond %1%2\.do-not-convert -f
RewriteRule . - [L]
# Avoid redirecting to webp files that are bigger than the original
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(/home/***/public_html/wp-content/uploads/)(.*)(\.jpe?g|\.png)$
RewriteCond /home/***/public_html/wp-content/webp-express/webp-images-bigger-than-source/uploads/%2%3.webp -f
RewriteRule . - [L]
# Redirect to existing converted image in cache-dir (if browser supports webp)
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(/home/***/public_html/wp-content/uploads/)(.*)(\.jpe?g|\.png)$
RewriteCond /home/***/public_html/wp-content/webp-express/webp-images/uploads/%2%3.webp -f
RewriteRule (?i)(.*)(\.jpe?g|\.png)$ /wp-content/webp-express/webp-images/uploads/%2%3\.webp [T=image/webp,E=EXISTING:1,E=ADDVARY:1,L]
# Redirect images to webp-on-demand.php (if browser supports webp)
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} (?i)(.*)(\.jpe?g|\.png)$
RewriteRule (?i).*$ /wp-content/plugins/webp-express/wod/webp-on-demand.php [E=WE_WP_CONTENT_REL_TO_WE_PLUGIN_DIR:../../,E=WE_SOURCE_REL_HTACCESS:[=20=],E=WE_HTACCESS_ID:uploads,NC,L]
# Make sure that browsers which does not support webp also gets the Vary:Accept header
# when requesting images that would be redirected to webp on browsers that does.
<IfModule mod_headers.c>
<FilesMatch "(?i)\.(jpe?g|png)$">
Header append "Vary" "Accept"
</FilesMatch>
</IfModule>
</IfModule>
# END WebP Express
/public_html/wp-content/uploads/gravity_forms/.htaccess
# BEGIN Gravity Forms
# The directives (lines) between "BEGIN Gravity Forms" and "END Gravity Forms" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
# Disable parsing of PHP for some server configurations. This file may be removed or modified on certain server configurations by using by the gform_upload_root_htaccess_rules filter. Please consult your system administrator before removing this file.
<Files *>
SetHandler none
SetHandler default-handler
Options -ExecCGI
RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
<IfModule headers_module>
Header set X-Robots-Tag "noindex"
</IfModule>
# END Gravity Forms
Nginx 配置为绕过 Apache 以“加速静态内容”。 禁用它允许 .htaccess 文件在 .txt、.pdf 等上运行...