在Kohana中,.htaccess 中有modules-路径保护
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)b.* index.php/$0 [L]
我如何允许这样的路径:
http://localhost/modules/mymodule/media/js/myjavascript.js
我想在我的模块中包含javascript和其他媒体文件,并且仍然保护其他模块文件,如.php
我可以允许整个modules-路径,但所有的.php-文件也会被列出。
# Protect application and system files from being viewed
RewriteRule ^(?:application|system)b.* index.php/$0 [L]
当然有基本的PHP保护,但我仍然不希望任何人可以列出我的modules-路径。
<?php defined('SYSPATH') or die('No direct script access.');
最好的解决方案是使用媒体控制器为这些文件提供服务。因此,用户可以请求"js/script.js",Kohana将使用级联文件结构加载它找到的第一个文件。Kohana有一个很好的媒体控制器,它在用户指南模块中:
classes/controller/userguide.php 的第247行
public function action_media()
{
// Get the file path from the request
$file = $this->request->param('file');
// Find the file extension
$ext = pathinfo($file, PATHINFO_EXTENSION);
// Remove the extension from the filename
$file = substr($file, 0, -(strlen($ext) + 1));
if ($file = Kohana::find_file('media/guide', $file, $ext))
{
// Check if the browser sent an "if-none-match: <etag>" header, and tell if the file hasn't changed
$this->response->check_cache(sha1($this->request->uri()).filemtime($file), $this->request);
// Send the file content as the response
$this->response->body(file_get_contents($file));
// Set the proper headers to allow caching
$this->response->headers('content-type', File::mime_by_ext($ext));
$this->response->headers('last-modified', date('r', filemtime($file)));
}
else
{
// Return a 404 status
$this->response->status(404);
}
}
这不是最快的解决方案,但如果您正确设置了响应头,文件应该缓存在客户端浏览器上。
解决方案,在RewriteRule 之前添加此RewriteEnd
# Protect application and system files from being viewed
RewriteCond %{REQUEST_URI} !^(.*/)*(application|application/cache|modules/[^/]*)/media/.*$
RewriteRule ^(?:application|modules|system)b.* index.php/$0 [L]