1. 首頁
  2. 問答
  3. 拒絕所有文件夾,除了/index.php和兩個文件夾

拒絕所有文件夾,除了/index.php和兩個文件夾

2014-01-28 165 views
0

這是一個奇怪的配置,我會給你,但我希望拒絕訪問我們系統中的所有文件夾,但它必須能夠訪問,拒絕所有文件夾,除了/index.php和兩個文件夾

/index.php (Wordpress bootloader) 
/wp-*/* (e.g. wp-content, wp-admin, etc.) 
/templates/* (some of our templates and custom content)

其他一切都被拒絕(並且有數百個文件夾)。

我遇到的問題是允許index.php和2個文件夾,然後否認/ /裏面的所有內容。

我應該能夠接受,

http://example.com/ 
http://example.com/index.php 
http://example.com/wp-content/... 
http://example.com/wp-admin/... 
http://example.com/wp-includes/... 
http://example.com/templates/template.css 
http://example.com/templates/subfolder/js/file.js

和拒絕,

http://example.com/thisIsAFolder 
http://example.com/thisIsAnotherFolder

這是我應得的

<VirtualHost *:80> 
    ServerName example.com 

    DirectoryIndex index.php 
    DocumentRoot /var/www/ 

    <Directory /> 
     Order deny,allow 
     Deny from all 
    </Directory> 

    <Files index.php> 
     Allow from all 
    </Files> 

    <Directory "/var/www(/|/wp*/|/templates/)"> 
     Allow from all 

     Options FollowSymLinks 

     RewriteEngine On 
     RewriteBase/

     RewriteRule ^index\.php$ - [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] 

     RewriteCond %{REQUEST_FILENAME} -f [OR] 
     RewriteCond %{REQUEST_FILENAME} -d 

     RewriteRule^- [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L] 
     RewriteRule . index.php [L] 
    </Directory> 
</VirtualHost>

但我Red Hat Enterprise Linux Test Page(使用CentOS的)不斷收到它允許子目錄,因爲我允許/

編輯

這是Apache的配置,結束了我的工作。非常感謝Jon Lin的幫助。

<VirtualHost *:80> 
    ServerName example.com 

    DirectoryIndex index.php 
    DocumentRoot /var/www/ 

    # first, deny all access 
    <Directory /> 
     Order deny,allow 
     Deny from all 
    </Directory> 

    # then start to allow access where required 
    <Files index.php> 
     Allow from all 
    </Files> 

    <Directory "/var/www/"> 
     Allow from all 

     Options FollowSymLinks 

     RewriteEngine On 
     RewriteBase/

     # go directly to index.php if it is accessed 
     RewriteRule ^index\.php$ - [L] 

     # re-write URL for wp-admin access 
     RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L] 

     # re-write wp-* access to route through wp/ 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 

     # re-write all .php files to route through wp/ 
     RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L] 

     # go directly to real files and directories 
     RewriteCond %{REQUEST_FILENAME} -f [OR] 
     RewriteCond %{REQUEST_FILENAME} -d 
     RewriteRule^- [L] 

     # respond to all other URLs by passing them through index.php 
     RewriteCond %{REQUEST_FILENAME} !-f [OR] 
     RewriteCond %{REQUEST_FILENAME} !-d 
     RewriteRule . index.php [L] 

     # deny access if URL doesn't start with these 
     RewriteCond %{REQUEST_URI} !^/(index\.php)?$ 
     RewriteCond %{REQUEST_URI} !^/wp-[^/]+/ 
     RewriteCond %{REQUEST_URI} !^/templates/ 
     RewriteRule^- [L,F] 
    </Directory> 
</VirtualHost>

來源

2014-01-28 bafromca

回答

1

你可以嘗試添加:

RewriteCond %{REQUEST_URI} !^/(index\.php)?$ 
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/ 
RewriteCond %{REQUEST_URI} !^/templates/ 
RewriteRule^- [L,F]

權之前:

RewriteCond %{REQUEST_FILENAME} -f [OR] 
RewriteCond %{REQUEST_FILENAME} -d

雖然這裏的問題是,永久鏈接可能會打破,因爲像一個請求:/posts/post-title/不匹配一個「允許」的URI。如果這是一個問題,然後將其移動到這條線之前:

RewriteRule . index.php [L]

來源

2014-01-28 23:28:36

+0

我最終要求稍微調整,但你讓我在正確的方向,沒問題。謝謝。在上面的修改中發佈。 – bafromca

相關問題

 相關問題