问题描述
我如何拒绝访问除位于根目录中的 PHP 之外的所有 load.PHP 文件?
我有:
RewriteCond %{HTTP_REFERER} !^http:// [NC]
RewriteCond %{HTTP_REFERER} !^http://*$ [NC]
RewriteCond %{REQUEST_FILENAME}.PHP !^/load.PHP$ [NC]
RewriteRule \.(PHP)$ - [F]
但是不行。我该如何解决? 谢谢。
编辑:
我的完整 htaccess(用于重写):
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
# Hidden .PHP extension
RewriteCond %{THE_REQUEST} \s/+(.+?)\.PHP[\s?] [NC]
RewriteRule ^ /%1 [R=301,NE,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.PHP -f
RewriteRule ^(.+?)/?$ $1.PHP [L]
# Hidden WWW from Url
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# Deny Access to specific file (Without WWW)
RewriteCond %{HTTP_REFERER} !^http:// [NC]
RewriteCond %{HTTP_REFERER} !^http://*$ [NC]
RewriteCond %{REQUEST_URI} !^/loader\.PHP$ [NC]
RewriteRule \.(PHP)$ - [F]
# Redirect to https protocol if available
<IfModule mod_ssl.c>
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
</IfModule>
解决方法
你可以试试这个规则:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/load(?:\.php)?$ [NC]
RewriteRule \.php$ - [F,NC]
RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
RewriteCond %{HTTPS} !on
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+?)/?$ $1.php [END]