Using htaccess, how to restrict seeing directory contents, but allow server to use the contents?

后端 未结 11 1809
既然无缘
既然无缘 2021-01-30 22:38

More specifically, I have an htaccess file that restricts anyone from seeing the directory contents. Such that, nobody can see my 1000s of images in www.example.com/images by us

相关标签:
11条回答
  • 2021-01-30 23:17

    Option 1 (Easy but not Preferable)-

    You do not need to create an index file like this-

    <html>
      <title>Forbidden!</title>
      <body>
        <h1>Access Denied !!</h1>
      </body>
    </html>

    And place it in each resource directories and directories you don't want to show users.

    Option 2 (More Preferable)-

    You can just add this at the end of your .htaccess file-

    Options -Indexes
    

    So, your .htaccess file may be like this-

    <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>
    
        RewriteEngine On
    
        # Redirect Trailing Slashes If Not A Folder...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)/$ /$1 [L,R=301]
    
        # Handle Front Controller...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    
        # Handle Authorization Header
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
        Options -Indexes
    </IfModule>
    

    If you do that and try to go to a directory, you would get something like this-


    So, no one will be able to discover any directory in server.

    More can be found here.

    0 讨论(0)
  • 2021-01-30 23:19

    in that folder which you want to show access forbidden create a file with name index.php and paste this code

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>403 Forbidden</title>
    </head><body>
    <h1>Forbidden</h1>
    <p>You don't have permission to access This Folder
    on this server.</p>
    </body></html>

    0 讨论(0)
  • 2021-01-30 23:23

    All you need to keep people from seeing the directory contents is an index.php or .html file in that folder. Any requests for yoursite.com/images will load index.php, which you'll set to a dummy page.

    index.html could be something like:

    <html><title>Forbidden!</title><body>Nothing to see here...</body></html>
    

    or a redirect script index.php:

    <?php header('Location: /index.php'); exit(); ?>
    

    Don't use .htaccess for blocking directory listings, it blocks access to everything.

    0 讨论(0)
  • 2021-01-30 23:23

    Simplest solution : create a blank page name index.html in your image folder :)

    0 讨论(0)
  • 2021-01-30 23:35

    Magicianeer's suggestion is the best for this problem. If your images are broken into subfolders you'd have to put an index file in each one. 'Options -Indexes' only needs to be done once at the root.

    0 讨论(0)
  • 2021-01-30 23:40

    in .htaccess

    Options -Indexes
    

    http://httpd.apache.org/docs/current/mod/core.html#options

    0 讨论(0)
提交回复
热议问题