时间戳

首页 > 解决方案 > 从 apache .htaccess 密码保护站点中排除目录中的文件

apache - 从 apache .htaccess 密码保护站点中排除目录中的文件

问题描述

我有密码保护我的应用程序目录,但出于某种原因,我必须公开访问文件夹中的文件。我研究并尝试了很多方法,但它不起作用。以下是我的代码。

# Welcome to your htaccess file.
# Remember that modifying this file can break the entire website
# so please edit carefully.

RewriteEngine On
RewriteBase /cms
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /cms/index.php/$1 [L]

<IfModule mod_env.c>
    SetEnv CI_ENV production
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

AuthType Basic
AuthName "Restricted Area"

AuthUserFile /home/root/.htpasswd
require valid-user

# allow public access to the following resources
#SetEnvIf Request_URI "(folder/)$" allow
#SetEnvIf Request_URI "(path/folder\file.php)$" allow-Uri

# Deny by default 
# Order deny,allow
# Deny from all

Order allow,deny
#Allow from env=allow-Uri

<Files "path\to\file.php">
  Allow from all
</Files>

Satisfy ANY

我的项目文件夹结构如下:

root-folder
--sub-folder
  --file.php

截图: https ://ibb.co/R9j0QTW

标签: apache.htaccess

解决方案

这是应该如何完成的:

SetEnvIfNoCase Request_URI "^/path/to/file\.php" ALLOW_URI

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/root/.htpasswd
Require valid-user
Satisfy    any
Order      deny,allow
Deny from  all
Allow from env=ALLOW_URI

推荐阅读