问题
i have almost 20 pages on server, but i want only a file named abc.php, which users can watch. i want if user forcefully open the other files like //example.com/some.php .htaccess shows 403 error.
<Files ~ "^(?!(changepwd|login|register|remind|securitycode|registersuggest)\.php$).*(\.php)$">
AuthName "Reserved Area"
AuthType Basic
AuthUserFile path_to/.htpasswd
AuthGroupFile path_to/.htgroup
Order Deny,allow
Require group allowed_groups
</Files>
this is the way i am currently using, but i think there can be more elegant solutions.
回答1:
This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.
Order deny,allow
Deny from all
<Files "index.php">
Allow from all
</Files>
If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.
回答2:
Its safest to move the files you don't want the users to access to a directory which is not in the root directory of the web server.
Like if the root directory of my site is this:
/var/www/html/my_web_site/public/index.php
I can put the non-public files in another directory like this:
/var/www/html/my_web_site/config.php
/var/www/html/my_web_site/auth.php
/var/www/html/my_web_site/db.php
And include the files like this in index.php:
include("../config.php");
include("../auth.php");
include("../db.php");
Whit this, you don't have to risk to accidentally delete or forget to copy the .htaccess file.
来源:https://stackoverflow.com/questions/19617351/allowing-only-certain-files-to-view-by-htaccess