1. 首页
  2. 问答
  3. 拒绝所有文件夹,除了/index.php和两个文件夹

拒绝所有文件夹,除了/index.php和两个文件夹

2014-01-28 115 views
0

这是一个奇怪的配置,我会给你,但我希望拒绝访问我们系统中的所有文件夹,但它必须能够访问,拒绝所有文件夹,除了/index.php和两个文件夹

/index.php (Wordpress bootloader) 
/wp-*/* (e.g. wp-content, wp-admin, etc.) 
/templates/* (some of our templates and custom content)

其他一切都被拒绝(并且有数百个文件夹)。

我遇到的问题是允许index.php和2个文件夹,然后否认/ /里面的所有内容。

我应该能够接受,

http://example.com/ 
http://example.com/index.php 
http://example.com/wp-content/... 
http://example.com/wp-admin/... 
http://example.com/wp-includes/... 
http://example.com/templates/template.css 
http://example.com/templates/subfolder/js/file.js

和拒绝,

http://example.com/thisIsAFolder 
http://example.com/thisIsAnotherFolder

这是我应得的

<VirtualHost *:80> 
    ServerName example.com 

    DirectoryIndex index.php 
    DocumentRoot /var/www/ 

    <Directory /> 
     Order deny,allow 
     Deny from all 
    </Directory> 

    <Files index.php> 
     Allow from all 
    </Files> 

    <Directory "/var/www(/|/wp*/|/templates/)"> 
     Allow from all 

     Options FollowSymLinks 

     RewriteEngine On 
     RewriteBase/

     RewriteRule ^index\.php$ - [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] 

     RewriteCond %{REQUEST_FILENAME} -f [OR] 
     RewriteCond %{REQUEST_FILENAME} -d 

     RewriteRule^- [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L] 
     RewriteRule . index.php [L] 
    </Directory> 
</VirtualHost>

但我Red Hat Enterprise Linux Test Page(使用CentOS的)不断收到它允许子目录,因为我允许/

编辑

这是Apache的配置,结束了我的工作。非常感谢Jon Lin的帮助。

<VirtualHost *:80> 
    ServerName example.com 

    DirectoryIndex index.php 
    DocumentRoot /var/www/ 

    # first, deny all access 
    <Directory /> 
     Order deny,allow 
     Deny from all 
    </Directory> 

    # then start to allow access where required 
    <Files index.php> 
     Allow from all 
    </Files> 

    <Directory "/var/www/"> 
     Allow from all 

     Options FollowSymLinks 

     RewriteEngine On 
     RewriteBase/

     # go directly to index.php if it is accessed 
     RewriteRule ^index\.php$ - [L] 

     # re-write URL for wp-admin access 
     RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] 

     # re-write wp-* access to route through wp/ 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 

     # re-write all .php files to route through wp/ 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L] 

     # go directly to real files and directories 
     RewriteCond %{REQUEST_FILENAME} -f [OR] 
     RewriteCond %{REQUEST_FILENAME} -d 
     RewriteRule^- [L] 

     # respond to all other URLs by passing them through index.php 
     RewriteCond %{REQUEST_FILENAME} !-f [OR] 
     RewriteCond %{REQUEST_FILENAME} !-d 
     RewriteRule . index.php [L] 

     # deny access if URL doesn't start with these 
     RewriteCond %{REQUEST_URI} !^/(index\.php)?$ 
     RewriteCond %{REQUEST_URI} !^/wp-[^/]+/ 
     RewriteCond %{REQUEST_URI} !^/templates/ 
     RewriteRule^- [L,F] 
    </Directory> 
</VirtualHost>

来源

2014-01-28 bafromca

回答

1

你可以尝试添加:

RewriteCond %{REQUEST_URI} !^/(index\.php)?$ 
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/ 
RewriteCond %{REQUEST_URI} !^/templates/ 
RewriteRule^- [L,F]

权之前:

RewriteCond %{REQUEST_FILENAME} -f [OR] 
RewriteCond %{REQUEST_FILENAME} -d

虽然这里的问题是,永久链接可能会打破,因为像一个请求:/posts/post-title/不匹配一个“允许”的URI。如果这是一个问题,然后将其移动到这条线之前:

RewriteRule . index.php [L]

来源

2014-01-28 23:28:36

+0

我最终要求稍微调整,但你让我在正确的方向,没问题。谢谢。在上面的修改中发布。 – bafromca

相关问题

 相关问题