发表新帖
发表新帖

Blocking external access to directory but allowing SSI access (or, How does the `FilesMatch` directive actually work?)

后端 未结
关注
2 1138
遇见更好的自我
遇见更好的自我 2021-01-25 23:32

On an old site, where i was using PHP, I had a .htaccess in directory /noaccess as follows:

# /noaccess/.htaccess
2条回答
  • 长情又很酷
    长情又很酷 (楼主)
    2021-01-26 00:22

    As far as I know by experience, mod_include follows the limits of the client, so you cannot do what you want with apache directives.

    If you want to hide the included files you can disable directory indexes with the Options -Indexes directive on your .htaccess file, though. Also, you can name the included files in a hard to guess way.

    My prefered option would be using uuids, you can generate them with online tools or install some utility on your workstation:

    itorres@localhost$ uuid
6e8feb48-1a3b-11e0-a0e3-00505624a126
itorres@localhost$ vi noaccess/6e8feb48-1a3b-11e0-a0e3-00505624a126.ssi

    0 讨论(0)
 看不清?
提交回复
热议问题