Its been a long time since I've needed to crack open an .htaccess file...
自从我需要破解.htaccess文件以来已经很久了...
What is the simplest way to 40x prevent access to a specific file extension though out the entire site?
40x阻止访问整个站点的特定文件扩展名的最简单方法是什么?
5 个解决方案
#1
22
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Loaded with some common extensions, add more as you need.
加载一些常见的扩展,根据需要添加更多。
#2
12
If you really want a 404 (and not a 403), you can use mod_rewrite:
如果你真的想要404(而不是403),你可以使用mod_rewrite:
RewriteEngine on
RewriteRule \.ext$ - [R=404]
#3
4
<FilesMatch "\.ext$">
Deny from all
</FilesMatch>
See the Apache documentation on FilesMatch and Deny
请参阅FilesMatch和Deny上的Apache文档
EDIT: Artefacto makes a good point, this will return 403, not 404, if that's important for your purposes
编辑:Artefacto提出了一个很好的观点,这将返回403,而不是404,如果这对您的目的很重要
#4
2
You can also deny access to file extensions using RedirectMatch directive :
您还可以使用RedirectMatch指令拒绝访问文件扩展名:
RedirectMatch 403 ^/.+\.(php|html|gif)$
This will return a 403 forbidden error for clients if they request any uri that ends with .php or .html or .gif . You can add more extensions to the pattern using a bar | .
如果客户端请求任何以.php或.html或.gif结尾的uri,则会为客户端返回403禁止错误。您可以使用条形|为图案添加更多扩展名。
#5
0
I like both @Chris Lawlor's and @starkeen's answers and since OP asked about "40x" I'm going to suggest redirecting to a 404 error since it doesn't give away the fact the files exist.
我喜欢@Chris Lawlor和@ starkeen的答案,因为OP询问“40x”我会建议重定向到404错误,因为它不会泄露文件存在的事实。
This is what I'm currently using in one of my projects:
这就是我目前在我的一个项目中使用的内容:
# Hide files not concerning the user
RedirectMatch 404 \.(htaccess|htpasswd|ini|log|sh|inc|bak|bkp|sql)$
#1
22
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Loaded with some common extensions, add more as you need.
加载一些常见的扩展,根据需要添加更多。
#2
12
If you really want a 404 (and not a 403), you can use mod_rewrite:
如果你真的想要404(而不是403),你可以使用mod_rewrite:
RewriteEngine on
RewriteRule \.ext$ - [R=404]
#3
4
<FilesMatch "\.ext$">
Deny from all
</FilesMatch>
See the Apache documentation on FilesMatch and Deny
请参阅FilesMatch和Deny上的Apache文档
EDIT: Artefacto makes a good point, this will return 403, not 404, if that's important for your purposes
编辑:Artefacto提出了一个很好的观点,这将返回403,而不是404,如果这对您的目的很重要
#4
2
You can also deny access to file extensions using RedirectMatch directive :
您还可以使用RedirectMatch指令拒绝访问文件扩展名:
RedirectMatch 403 ^/.+\.(php|html|gif)$
This will return a 403 forbidden error for clients if they request any uri that ends with .php or .html or .gif . You can add more extensions to the pattern using a bar | .
如果客户端请求任何以.php或.html或.gif结尾的uri,则会为客户端返回403禁止错误。您可以使用条形|为图案添加更多扩展名。
#5
0
I like both @Chris Lawlor's and @starkeen's answers and since OP asked about "40x" I'm going to suggest redirecting to a 404 error since it doesn't give away the fact the files exist.
我喜欢@Chris Lawlor和@ starkeen的答案,因为OP询问“40x”我会建议重定向到404错误,因为它不会泄露文件存在的事实。
This is what I'm currently using in one of my projects:
这就是我目前在我的一个项目中使用的内容:
# Hide files not concerning the user
RedirectMatch 404 \.(htaccess|htpasswd|ini|log|sh|inc|bak|bkp|sql)$