dongling2038
2012-03-23 22:35 阅读 17
已采纳

通过使用mod_rewrite检查当前的PHP会话来保护图像不被直接访问

I'm working on a solution to a problem where users could potentially access images (in this case PDF files) stored in a folder off the server root. Normally, my application validates users through PHP scripts and sessions. What isn't happening right now is preventing non-logged in users from potentially accessing the PDFs.

The solution I'm looking for would (I think) need to be tied in with Apache. I saw an interesting solution using RewriteMap & RewriteRule, however the example involved putting this in an .htaccess file in the PDF directory. Can't do that with Apache (error: RewriteMap not allowed here). I believe the rewrite directives need to go in my httpd.conf, which I have access to.

So the example I found (that resulted in 'rewritemap not allowed here') is here: RewriteEngine On RewriteMap auth prg:auth.php RewriteRule (.*) ${auth:$1}

auth.php just checks PHP session and redirects to a login script if needed.

I'm reading that I have to place this in my httpd.conf. How would I specify that the RewriteMap should only occur on a specific directory (including subdirectories)?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dtu11716 dtu11716 2012-03-23 22:41

    1st, be sure that you have to put that directly in httpd.conf. On Debian system, for instance, you have 1 file by virtualhost (a virtualhost usually is a website) So, you have to put your rewriteMap in a "directory" like this:

    <Directory /full/path/to/your/pdfs>
        RewriteEngine on
        ...
    </Directory>
    
    点赞 评论 复制链接分享

相关推荐