我有一个文件夹 www.mysite/page/panel/soascripts / ,其中有10个不同的PHP文件。 我想防止访问文件夹 soascripts 及其中的php文件。除了 X-Requested-With = XMLHttpRequest (用于ajax)。 htaccess有可能吗?
I have a folder www.mysite/page/panel/soascripts/ where there are 10 different PHP files. I want to prevent access to the folder soascripts and the php files in it. Except X-Requested-With = XMLHttpRequest (for ajax). Is this possible with htaccess?
推荐答案在soascripts文件夹中的htaccess文件中:
In the htaccess file in your soascripts folder:
RewriteEngine On RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$ RewriteRule \.php$ - [L,F]所以没有
X-Requested-With: XMLHttpRequest请求标头,响应将被禁止为403。
request header, the response will be a 403 forbidden.
编辑:
如果要将规则添加到文档根目录,则只需要包括以下路径:
If you want to add the rules to the document root, you just need to include the path:
RewriteCond %{HTTP:X-Requested-With} !=XMLHttpRequest RewriteCond %{HTTP:X-REQUESTED-WITH} !^(XMLHttpRequest)$ RewriteRule ^page/panel/soascripts/[^/.]+\.php$ - [L,F]请确保在任何类型的路由规则之前( 之前添加它(例如将内容发送到 index.php )。
Make sure to add it before any type of routing rules (like stuff being sent to index.php).
更多推荐
禁止使用.htaccess EXCEPT for XMLHttpRequest访问php文件(文件夹)
发布评论