在PHP网站开发中,为了让网站目录文件和程序代码的安全考虑,我们必须对某些目录或者文件的访问权限进行控制,来提高网站的安全,那么我们怎样来实现这种功能呢?这时候可以配置Apache来禁止网站以目录的形式列出网站内容.
在Apache中没有配置禁止目录访问时候,当你访问 http://localhost时会列出相关的目录和文件列表,我们可以通过修改Apache配置文件httpd.conf来实现禁止列出目录/文件列表,方法如下.
1、打开apache的配置文件“httpd.conf”
2、找到以下部分:
- <Directory />
-
- Options Indexes
-
- AllowOverride None
-
- Order allow,deny
-
- Allow from all
-
- </Directory>
只需将Options Indexes修改为Options None即可.
注:根据PHP运行环境安装包的不同,Options Indexes也有可能是Options Indexes FollowSymLinks,一并改为Options None即可,保存httpd.conf,重启apache,如果此时不行,继续修改下面的配置:
- <Directory "E:/web">
-
- #
-
- # Possible values for the Options directive are "None", "All",
-
- # or any combination of:
-
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-
- #
-
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
-
- # doesn't give it to you.
-
- #
-
- # The Options directive is both complicated and important. Please see
-
- # http:
-
- # for more information.
-
- #
-
- Options none
-
- #
-
- # AllowOverride controls what directives may be placed in .htaccess files.
-
- # It can be "All", "None", or any combination of the keywords:
-
- # Options FileInfo AuthConfig Limit
-
- #
-
- AllowOverride None
-
- #
-
- # Controls who can get stuff from this server.
-
- #
-
- Order allow,deny
-
- Allow from all
-
- </Directory>
-
如上:将里面红色的部分,一并改过来就行了.
3、保存httpd.conf,并重启Apache即可,此时再访问 http://localhost时,如果没有index.html或者index.php这些默认的文件时,就会报apache http 403 禁止访问错误信息.
Forbidden You don’t have permission to access / on this server. |