问题
I deployed Node.js application to linux server, and it works well.
But, I can direct access to specific file in browser to typing url.
http://my-node-app.com/package.json
I can see all the things, even if
http://my-node-app.com/config/config.json
It shows my configuration include password. It would not shown except server itself, how can I restrict access?
I added .htaccess file in var/www/, and added this code,
<Directory "my-node-app">
Deny from all
</Directory>
But it not works, and I tried /etc/apache2/site-enabled/000-default, add like above code, but it's not work. I googled and adding codes but It's not work and I don't know it is related with apache2 or not. Node.js needs Apache2? Anyway, How can I prevent this direct access from url include wget?
回答1:
Self Answer
I coded like this :
app.use(express.static(path.join(__dirname)));
So all of files in dirname will be shown, Someone has same problem like me, It related your static files route. Check it, and then specify your static files folder not just __dirname, but __dirname/somefolder.
回答2:
You can restrict it by
app.all(['*index.js*', '*_helpers/**', '*models/**', '*package.json*', '*bower.json*', '*README.md*', '*Public/**'], function (req, res, next){
res.send({ auth: false });
});
来源:https://stackoverflow.com/questions/36230281/prevent-direct-url-access-from-node-js-application