在PHP網站開發中,為了讓網站目錄文件和程序代碼的安全考慮,我們必須對某些目錄或者文件的訪問權限進行控制,來提高網站的安全,那么我們怎樣來實現這種功能呢?這時候可以配置Apache來禁止網站以目錄的形式列出網站內容.
在Apache中沒有配置禁止目錄訪問時候,當你訪問 http://localhost時會列出相關的目錄和文件列表,我們可以通過修改Apache配置文件httpd.conf來實現禁止列出目錄/文件列表,方法如下.
1����、打開apache的配置文件“httpd.conf”
2�����、找到以下部分:
- <Directory />
-
- Options Indexes
-
- AllowOverride None
-
- Order allow,deny
-
- Allow from all
-
- </Directory>
只需將Options Indexes修改為Options None即可.
注:根據PHP運行環境安裝包的不同,Options Indexes也有可能是Options Indexes FollowSymLinks,一并改為Options None即可,保存httpd.conf,重啟apache,如果此時不行,繼續修改下面的配置:
- <Directory "E:/web">
-
- #
-
- # Possible values for the Options directive are "None", "All",
-
- # or any combination of:
-
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-
- #
-
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
-
- # doesn't give it to you.
-
- #
-
- # The Options directive is both complicated and important. Please see
-
- # http:
-
- # for more information.
-
- #
-
- Options none
-
- #
-
- # AllowOverride controls what directives may be placed in .htaccess files.
-
- # It can be "All", "None", or any combination of the keywords:
-
- # Options FileInfo AuthConfig Limit
-
- #
-
- AllowOverride None
-
- #
-
- # Controls who can get stuff from this server.
-
- #
-
- Order allow,deny
-
- Allow from all
-
- </Directory>
-
如上:將里面紅色的部分,一并改過來就行了.
3�、保存httpd.conf,并重啟Apache即可,此時再訪問 http://localhost時,如果沒有index.html或者index.php這些默認的文件時,就會報apache http 403 禁止訪問錯誤信息.
Forbidden You don’t have permission to access / on this server.
