仅允许通过.htaccess查看某些文件

i have almost 20 pages on server, but i want only a file named abc.php, which users can watch. i want if user forcefully open the other files like //example.com/some.php .htaccess shows 403 error.

我在服务器上有近20页，但我只想要一个名为abc.php的文件，用户可以观看。我想如果用户强行打开其他文件，如//example.com/some.php .htaccess显示403错误。

<Files ~ "^(?!(changepwd|login|register|remind|securitycode|registersuggest)\.php$).*(\.php)$">
AuthName "Reserved Area"
AuthType Basic
AuthUserFile path_to/.htpasswd
AuthGroupFile path_to/.htgroup
Order Deny,allow
Require group allowed_groups  
</Files>

this is the way i am currently using, but i think there can be more elegant solutions.

这是我目前使用的方式，但我认为可以有更优雅的解决方案。

2 个解决方案

#1

This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.

此.htaccess文件只允许用户打开index.php。尝试访问任何其他文件将导致403错误。

Order deny,allow
Deny from all

<Files "index.php">
    Allow from all
</Files>

If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.

如果您还想对某些文件使用身份验证，则可以在我的示例末尾添加当前文件中的内容。

#2

Its safest to move the files you don't want the users to access to a directory which is not in the root directory of the web server.

最安全的是移动您不希望用户访问不在Web服务器根目录中的目录的文件。

Like if the root directory of my site is this:

就像我的网站的根目录是这样的：

/var/www/html/my_web_site/public/index.php

I can put the non-public files in another directory like this:

我可以将非公共文件放在另一个目录中，如下所示：

/var/www/html/my_web_site/config.php
/var/www/html/my_web_site/auth.php
/var/www/html/my_web_site/db.php

And include the files like this in index.php:

并在index.php中包含这样的文件：

include("../config.php");
include("../auth.php");
include("../db.php");

Whit this, you don't have to risk to accidentally delete or forget to copy the .htaccess file.

这样，您不必冒险意外删除或忘记复制.htaccess文件。

#1