问题
I've figured out how to write something like
www.test.com/test
to
www.test.com/test.php.
This is useful to give a simpler browsing experience and obscure the use of the PHP. However, I'd like to go farther and disallow access to
www.test.com/test.php
completely, and allow access only through
www.test.com/test
in order to prevent people from discovering the use of PHP by simply trying it in a URL.
The problem is that if I disallow access to
www.test.com/test.php
then
www.test.com/test
no longer works, since the disallow rule is triggered after the rewrite to
www.test.com/test.php
is done.
Is this possible to do? Any alternative suggestions for hiding the programming language used are welcome.
回答1:
One thing you could do is locate the PHP files somewhere outside of the document root and use an AliasMatch directive. If your PHP files are in /var/www-php/www.test.com try
AliasMatch ^(.*)$ /var/www-php/www.test.com/$1.php
Usually when you want to disallow access to files except under specific conditions, moving them outside the document root is a good way to do that.
回答2:
Have a look at the "last rule" and "no continue" flag.
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
This is an example to block certain domains from hotlinking to your images.
You could apply it to your case (the NC flags is important) :
RewriteCond %{HTTP_REFERER} !^http://(www\.)?leech_site\.com/ [NC]
RewriteRule \.(gif|jpg|png)$ - [F,L]
来源:https://stackoverflow.com/questions/632921/apache-htaccess-forbidding-direct-access-to-a-file-but-allow-rewrites-to-go