问题
I have a site where I want to disable certain extensions of file execution just for that folder.
EG: www.yoursite.com/cache/test.php
should not be executed.
I tried this code :
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|zip|exe|pl|jsp|asp|htm|sh|cgi|py|php)$">
Order Allow,Deny
Deny from all
</FilesMatch>
But this stopped my sites functionality.
I just want this rule to be applied inside cache folder but I can not place the .htaccess file inside because this folder is regularly cleared.
回答1:
All you have to do is place that .htaccess file within that specific cache folder.
.htaccessfiles provide a way to make configuration changes on a per-directory basis.
Apache HTTP Server Tutorial: .htaccess files
Placing that rule in your .htaccess file in the root of your website will enable those rules on your entire site.
If you want this rule to be enabled from outside that cache folder, you might want to try this rule in your main .htaccess file -
RewriteEngine On
RewriteRule ^cache/.*\.(htaccess|htpasswd|ini|...)$ /access_denied.php
The rule tests to see if the requested file's
- URL starts with
cache/ - contains any of the file extensions listed (separated with a pipe character)
If those conditions are all met, it passes that call to the access_denied.php script where you could display an appropriate error message.
回答2:
Try adding this line to you root .htaccess file :
RewriteRule ^cache/.*\.(htaccess|htpasswd|ini|phps?|fla|psd|log|sh|zip|exe|pl|jsp|asp|htm|sh|cgi|py)$ - [F]
The flag will result in displaying a 403 Forbidden Error
来源:https://stackoverflow.com/questions/11950049/disable-a-file-execution-inside-a-folder-htaccess-rule