Using htaccess, how to restrict seeing directory c

More specifically, I have an htaccess file that restricts anyone from seeing the directory contents. Such that, nobody can see my 1000s of images in www.example.com/images by using:

deny from all
allow from 127.0.0.1

However, I want to use these images on www.example.com such that, <img src="images/thisimg.jpg" /> works.

I hope I'm in the right direction, but I appreciate any insight/re-direct. This is similar to: How to protect all directory contents, but gain access to php script but I want to link to these images in that directory, and using deny from all does not allow me to do that.

Thanks in advance for your help.

标签： php .htaccess

11条回答

ゆ、 Hurt°

2楼-- · 2020-05-16 03:28

Option 1 (Easy but not Preferable)-

You do not need to create an index file like this-

<html>
  <title>Forbidden!</title>
  <body>
    <h1>Access Denied !!</h1>
  </body>
</html>

And place it in each resource directories and directories you don't want to show users.

Option 2 (More Preferable)-

You can just add this at the end of your .htaccess file-

Options -Indexes

So, your .htaccess file may be like this-

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    Options -Indexes
</IfModule>

If you do that and try to go to a directory, you would get something like this-

So, no one will be able to discover any directory in server.

More can be found here.

0人赞添加讨论(0) 举报

放我归山

3楼-- · 2020-05-16 03:29

To me I feel the easiest way of getting it done is with a redirect. On the images directory, just create an index page and in the index page you have a redirect to your site index page i.e

<?php
   header( 'Location: http://www.yoursite.com' ) ;
?>

So that whenever anyone tries to access the image page directly they end up going to your site's root.

0人赞添加讨论(0) 举报

倾城　Initia

4楼-- · 2020-05-16 03:31

deny from all allows files to be used by server side scripts but restricts complete web access.

0人赞添加讨论(0) 举报

啃猪蹄的小仙女

5楼-- · 2020-05-16 03:36

I use a trick which makes people think they've accessed a folder which doesn't exist.

Create a HTML file and add this:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>404 Not Found</title>
</head>

<body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>

</body>
</html>

0人赞添加讨论(0) 举报

劳资没心，怎么记你

6楼-- · 2020-05-16 03:44

Magicianeer's suggestion is the best for this problem. If your images are broken into subfolders you'd have to put an index file in each one. 'Options -Indexes' only needs to be done once at the root.

0人赞添加讨论(0) 举报

三岁会撩人

7楼-- · 2020-05-16 03:45

Simplest solution : create a blank page name index.html in your image folder :)

0人赞添加讨论(0) 举报

1 2 下一页