问题
I have kind of a strange situation right now. Basically, my company is currently putting links to the latest builds of our software behind a gate, but once the user signs in, they can distribute the link to the builds. Free 30-day trials, unaccounted for.
So I would like to block access to URL /downloads/file.extension, or even just /downloads/ entirely, unless the referring URL is allowed_domain.com.
I would love to use .htaccess, but the hosting provider (WP Engine) we use has their servers set up on Nginx. Not only that, but I have to send my Nginx code to WP Engine for them to implement for me, which is not practical.
Thus, I am looking for a PHP ONLY solution, or a WordPress plugin that I apparently didn't notice.
And yes, I know this is a really stupid way for my company to be storing important files, but I need to fix this now until they come up with a better way.
回答1:
Unfortunately it is not possible to do what you described. That is because when someone tries to access a file from the site, the web server will first check if it exists and if it does, it will serve the file immediately. It does not go through any PHP code. Therefore you cannot write any PHP code that will intercept this request and block it.
回答2:
You could use this method that I'm using it. Enjoy.
You're going to need to list down those IP address.
<?php $allow = array("201.168.0.1", "456.789.123", "789.123.456"); //allowed IPs
if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
header("Location: http://yourdomain.com/index.php"); //redirect
exit();
} ?>
来源:https://stackoverflow.com/questions/42381021/php-allow-access-from-only-one-domain