问题
Here's my .htaccess
<Files *>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Deny,Allow
Allow from all
</Files>
This is not working, cause if I type the hostname in my browser, it serves the index.php but apache doesn't seem to apply the Files instructions and instead returns a non-allowed file access page, I need typing the fullname document (e.g. 'index.php') to make it work. which is not really convenient...
how to proceed if I want users only access index files of each folder in my website ? all the other files are just script inclusions so i believe i'm doing right trying to make them inaccessible from the web (or maybe not, if only you have one reason to prove the other case).
Regardless the question above, is it the right way to do the job ? (I think the two directives here are not neat but it's the only way, well almost the only way that I know to avoid accesses to files).
回答1:
Not exactly sure why you need to do this, but you can use mod_setenvif (no need to wrap this inside a <Files>)
SetEnvIf Request_URI ^/index.php$ index
Order Allow,Deny
Allow from env=index
This will cause access to hostname.com/ to 403 but allow hostname.com/index.php. If you want to allow / as well, just add
SetEnvIf Request_URI ^/$ index
to the top. Of course, all this will make it so anything that index.php links to will also return a 403.
回答2:
<Files *?>
Order deny,allow
Deny from all
</Files>
You just need to add a question mark to match at least one character.
来源:https://stackoverflow.com/questions/7956385/deny-all-files-except-the-index-using-apache