【问题标题】:Rewrite file extension BUT deny direct access to file重写文件扩展名但拒绝直接访问文件
【发布时间】:2011-11-29 05:43:25
【问题描述】:
我正在寻找一种通过 .htaccess 隐藏文件扩展名并拒绝直接访问的方法。让我们考虑以下几点:
http://www.xyz.zyx/index.php
转换成
http://www.xyz.zyx/index OR http://www.xyz.zyx/
到目前为止一切顺利。我接下来要做的是在用户尝试直接访问时阻止或重定向。例如,如果用户在 URL 栏中键入以下(扩展名),则阻止或重定向:
http://www.xyz.zyx/index.php
我检查了其他问题的其他答案,但似乎不是。
提前感谢您帮助像我这样的新手。
【问题讨论】:
标签:
php
security
rewrite
hide
【解决方案1】:
虽然有人可能会质疑这种东西的用处,但它是可行的,所以这里是如何在 .htaccess 中使用 mod_rewrite 做到这一点:
RewriteEngine On
# Sets your index script
RewriteRule ^$ index.php [L]
# Condition prevents redirect loops (when script is not found)
RewriteCond %{ENV:REDIRECT_STATUS} !^$
RewriteCond %{REQUEST_FILENAME} !-f
# Stop here if the file is not found after a redirect
RewriteRule ^(.*)$ notfound.php [L]
# Condition prevents redirect loops (when script is found)
RewriteCond %{ENV:REDIRECT_STATUS} ^$
# Forbid access directly to PHP files
RewriteRule ^.*?\.php$ forbidden [F,L]
# Make sure the filename does not actually exist (images, etc.)
RewriteCond %{REQUEST_FILENAME} !-f
# Append the .php extension to the URI
RewriteRule ^(.*)$ $1.php [L]