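Getting error 500 because of .htaccess
I'm new to .htaccess, but I have to go this way to protect the image upload folder on the server. I am currently using the script below, with everything described for uploads, but I can't link to images from the same site: I get the error "The server responded with a status of 500 (Internal Server Error)" if I try to access a successfully uploaded file directly (to display it on the site).
The code is from here: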
IndexIgnore *
AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi
Options -ExecCGI -Indexes
RewriteEngine On
RewriteRule ^(php\.ini|\.htaccess) - [NC,F]
RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR]
RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?mysite.com\. [NC]
RewriteRule \.(jpe?g?|png|gif)$ - [NC,F]
Order Allow,Deny
Deny from all
<FilesMatch "\.([Jj][Pp][Ee]?[Gg]?|[Pp][Nn][Gg]|[Gg][Ii][Ff])$">
Allow from all
</FilesMatch>
<FilesMatch ".*\.([^.]+)\.([^.]+)$">
Order Deny,Allow
Deny from all
</FilesMatch>
<LimitExcept GET POST>
Deny from all
</LimitExcept>
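I have been looking for a tutorial that fits my goal, but haven't found one... Maybe you can help me modify the one above. Thanks!
UPDATE: So, if I disable the lines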
#AddHandler cgi-script .php .php2 .php3 .php4 .php5 .php6 .php7 .php8 .pl .py .js .jsp .asp .htm .html .shtml .sh .cgi
#Options -ExecCGI -Indexes
and
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteCond %{REQUEST_FILENAME} \.(jpe?g?|png|gif)$ [NC]
#RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?mysite.com\. [NC]
#RewriteRule \.(jpe?g?|png|gif)$ - [NC,F]
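then the images can be displayed, but that is not my goal, because scripts can still be executed.
Can you look at your Apache error log? Do you have one? – deceze
Yes, it says "[alert] .htaccess: Options not allowed here" –
Well, that would be the cause: your configuration doesn't allow the `Options` line. Do you *need* that line? *Can* you reconfigure your Apache to allow that line? – deceze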
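The "not allowed here" error discussed in the comments can be checked for before deploying a .htaccess file. The following is an added example, not part of the original thread: a small Python checker that maps each directive to the `AllowOverride` class it needs and lists the lines the server would refuse. The function names, the abridged sample and the `AllowOverride` value in the demo are assumptions; container lines and the per-option list in `Options=...` are not checked.

```python
import re

# Override class each directive needs, from the "Override:" field of the Apache
# docs. Container lines (<FilesMatch>, <LimitExcept>) are skipped by this sketch.
REQUIRED_CLASS = {
    "indexignore": "Indexes", "addhandler": "FileInfo", "options": "Options",
    "rewriteengine": "FileInfo", "rewritecond": "FileInfo",
    "rewriterule": "FileInfo", "order": "Limit", "allow": "Limit", "deny": "Limit",
}
ALL_CLASSES = {"authconfig", "fileinfo", "indexes", "limit", "options"}

def granted_classes(allow_override):
    """Turn an AllowOverride value into the set of (lowercased) classes it grants."""
    granted = set()
    for word in allow_override.split():
        name = word.split("=", 1)[0].lower()  # "Options=Indexes" -> "options"
        if name == "all":
            return set(ALL_CLASSES)
        if name in ALL_CLASSES:
            granted.add(name)
    return granted

def rejected_lines(htaccess, allow_override):
    """Return (line_no, directive, needed_class) for lines Apache would refuse."""
    granted = granted_classes(allow_override)
    if not granted:
        return []  # AllowOverride None: the .htaccess file is not read at all
    problems = []
    for n, line in enumerate(htaccess.splitlines(), 1):
        m = re.match(r"\s*([A-Za-z]\w*)", line)  # no match on comments, <...> lines
        need = REQUIRED_CLASS.get(m.group(1).lower()) if m else None
        if need and need.lower() not in granted:
            problems.append((n, m.group(1), need))
    return problems

# Abridged from the question's .htaccess (constructed excerpt, regexes shortened).
SAMPLE = r"""IndexIgnore *
AddHandler cgi-script .php .pl .py
Options -ExecCGI -Indexes
RewriteEngine On
RewriteRule ^(php\.ini|\.htaccess) - [NC,F]
Order Allow,Deny
Deny from all
<FilesMatch "\.(jpe?g|png|gif)$">
Allow from all
</FilesMatch>
"""

if __name__ == "__main__":
    # Assumed server setting; the thread does not show the real AllowOverride value.
    for n, name, need in rejected_lines(SAMPLE, "FileInfo Indexes Limit"):
        print(f"line {n}: {name} not allowed here (needs AllowOverride {need})")
```

Running the checker against the value actually set for the upload directory in the server configuration shows whether only the `Options` line is refused or other directives in the file would fail the same way.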