當我們訪問某個網站時,在后面增加相應的目錄,就可以瀏覽到目錄,對於網站來說,是很不安全的。
解決辦法:
1、編輯httpd.conf文件
vi ./conf/httpd.conf
找到如下內容:
......
<Directory "C:/Program Files/Apache2.2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
......
在Options Indexes FollowSymLinks在Indexes前面加上 - 符號。
即: Options -Indexes FollowSymLinks
【備注:在Indexes前,加 + 代表允許目錄瀏覽;加 - 代表禁止目錄瀏覽。】
這樣的話就屬於整個Apache禁止目錄瀏覽了。
如果是在虛擬主機中,只要增加如下信息就行:
解決辦法:
1、編輯httpd.conf文件
vi ./conf/httpd.conf
找到如下內容:
......
<Directory "C:/Program Files/Apache2.2/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
......
在Options Indexes FollowSymLinks在Indexes前面加上 - 符號。
即: Options -Indexes FollowSymLinks
【備注:在Indexes前,加 + 代表允許目錄瀏覽;加 - 代表禁止目錄瀏覽。】
這樣的話就屬於整個Apache禁止目錄瀏覽了。
如果是在虛擬主機中,只要增加如下信息就行:
注意:虛擬主機中,在上面的 Options Indexes FollowSymLinks 注釋掉,虛擬主機才起作用。
<Directory "D:\test">
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
這樣的話就禁止在test工程下進行目錄瀏覽。
備注: 切記莫把“Allow from all”改成 “Deny from all”,否則,整個網站都不能被打開。
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
這樣的話就禁止在test工程下進行目錄瀏覽。
備注: 切記莫把“Allow from all”改成 “Deny from all”,否則,整個網站都不能被打開。
http://morgan363.javaeye.com/blog/645363
請問Apache如何屏蔽目錄列表同時保留目錄訪問的默認頁面?
關鍵字: php
在Apache的配置文件httpd.conf中找到需要設置目錄的Directory屬性,並在Options一行去掉Indexes
比如說:
<Directory "d:\web">
Options Indexes FollowSymLinks
</Directory>
改為:
<Directory "d:\web">
Options FollowSymLinks
</Directory>
-----------------------------------------------------------------
Alias /edit/ "/home/dbphp/db/"
<Directory "/home/dbphp/db">
Options Indexes MultiViews => Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
把Indexes去掉后,就不允許列表了。
比如說:
<Directory "d:\web">
Options Indexes FollowSymLinks
</Directory>
改為:
<Directory "d:\web">
Options FollowSymLinks
</Directory>
-----------------------------------------------------------------
Alias /edit/ "/home/dbphp/db/"
<Directory "/home/dbphp/db">
Options Indexes MultiViews => Options MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
把Indexes去掉后,就不允許列表了。