0
这是一个奇怪的配置,我会给你,但我希望拒绝访问我们系统中的所有文件夹,但它必须能够访问,拒绝所有文件夹,除了/index.php和两个文件夹
/index.php (Wordpress bootloader)
/wp-*/* (e.g. wp-content, wp-admin, etc.)
/templates/* (some of our templates and custom content)
其他一切都被拒绝(并且有数百个文件夹)。
我遇到的问题是允许index.php和2个文件夹,然后否认/ /里面的所有内容。
我应该能够接受,
http://example.com/
http://example.com/index.php
http://example.com/wp-content/...
http://example.com/wp-admin/...
http://example.com/wp-includes/...
http://example.com/templates/template.css
http://example.com/templates/subfolder/js/file.js
和拒绝,
http://example.com/thisIsAFolder
http://example.com/thisIsAnotherFolder
这是我应得的
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
<Directory />
Order deny,allow
Deny from all
</Directory>
<Files index.php>
Allow from all
</Files>
<Directory "/var/www(/|/wp*/|/templates/)">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase/
RewriteRule ^index\.php$ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule^- [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
RewriteRule . index.php [L]
</Directory>
</VirtualHost>
但我Red Hat Enterprise Linux Test Page
(使用CentOS的)不断收到它允许子目录,因为我允许/
。
编辑
这是Apache的配置,结束了我的工作。非常感谢Jon Lin的帮助。
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
# first, deny all access
<Directory />
Order deny,allow
Deny from all
</Directory>
# then start to allow access where required
<Files index.php>
Allow from all
</Files>
<Directory "/var/www/">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase/
# go directly to index.php if it is accessed
RewriteRule ^index\.php$ - [L]
# re-write URL for wp-admin access
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
# re-write wp-* access to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
# re-write all .php files to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
# go directly to real files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule^- [L]
# respond to all other URLs by passing them through index.php
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
# deny access if URL doesn't start with these
RewriteCond %{REQUEST_URI} !^/(index\.php)?$
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/
RewriteCond %{REQUEST_URI} !^/templates/
RewriteRule^- [L,F]
</Directory>
</VirtualHost>
我最终要求稍微调整,但你让我在正确的方向,没问题。谢谢。在上面的修改中发布。 – bafromca