Safeguard Site Files by Placing Them Above the Web Root

The most common method of restricting access to files on a web server is with an .htaccess file. While this obviously works, it is somewhat fragile: the entire protective strength of the technique relies on a string of characters in a text file.

A better technique is to lift the files and folders that you wish to protect completely free of the web root, placing them elsewhere on the server. This means that no outside HTTP request can ever touch them. It's a technique often suggested by frameworks and Content Management Systems, and is much more secure, but it comes with three challenges:

  1. Not all web hosting providers allow you outside the root folder (which may be called www, htdocs, public, web or html, depending on the server setup).

  2. You cannot use the standard root path to the new, moved location of these files; you must use a server path instead (discussed below).

  3. This server path will be different for every hosting environment, depending on the operating system and host type.

The good news is that if your web hosting provider does allow you to roam free on the server, you can achieve this level of protection quickly.

First, let’s look at a typical web hosting setup. In this case, an Ubuntu LAMP stack at my preferred vendor, Digital Ocean:

Screenshot of public site file organisation

As you can see, this hosting company gives me complete access to the server. The site files are contained in an html folder, which exists inside a www folder. In turn, these are contained in a var folder, along with many other directories.

All the publicly accessible files are in the html folder. I want certain files, such as PHP includes, database connection scripts and framework config files, to be inaccessible to normal users while remaining available to the site itself.

Learning The Path

The first step is working out exactly where the html folder is on the server. While you might be able to work that out from the structure shown above, there's one foolproof method, so long as your server is running PHP: create a quick test.php page containing a single line of code:

<?php echo __FILE__; ?>

Upload test.php to the public web folder (html, in this case) and view it in a browser using the complete URL: http://mysite.com/test.php

test.php上传到公共Web文件夹(在本例中为html ),并使用完整的URL在浏览器中查看它: http : //mysite.com/test.php

The result, printed out on the page, will probably look something like this: /var/www/html/test.php

On a local testing server like MAMP, it might look like this: /Applications/MAMP/htdocs/test.php

Regardless of the details, you have the information you need: the actual location of this page on the server. Given that information, we can work “backwards” from the public location, to a new private folder we’ll create in the next step.

Before doing so, record the information reported by the page and delete test.php from the server: a page that prints the server path is itself information you do not want left public.

Crafting A Location

Screenshot of private site file organisation

Now that we know the path, we can create a folder above the level of the public folder, aka the “web root”. In my case, I’ve decided to create a folder called includes. Into this will go any sensitive data that I don’t want revealed to eyes peering through a browser. For the purposes of demonstration, I’ve placed a private.inc file in the new folder.

Using The New Location

To use private.inc in a page, we must be slightly clever with paths. In the case of using private.inc on the server demonstrated here, I would use the following on a public page contained in the html folder:

<?php include("/var/includes/private.inc"); ?>

This allows me to use the include file without ever making it publicly available: a neat trick.
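Because the server path differs between hosts (challenge 3 above), a public page can derive the private folder's location from the document root instead of hard-coding it. The following is an added example, not code from the original article; it assumes the layout described above (private folder two levels above the web root, as in /var/www/html and /var/includes), and the function name privateIncludePath is mine.

```php
<?php
// Added example: locate a file in the private "includes" folder relative
// to the web root, and refuse to use it if it turns out to be inside the
// web root after all (which would mean it is actually publicly reachable).
declare(strict_types=1);

function privateIncludePath(string $file, string $webRoot): ?string
{
    // The article's layout: /var/www/html (web root) -> /var/includes,
    // i.e. the private folder sits two directory levels above the root.
    // Change the "2" if your host nests the web root at a different depth.
    $privateDir = dirname($webRoot, 2) . '/includes';

    $resolved = realpath($privateDir . '/' . $file);
    $rootReal = realpath($webRoot);

    // realpath() returns false when the path does not exist, so a missing
    // private file is reported as "not usable" rather than silently ignored.
    if ($resolved === false || $rootReal === false) {
        return null;
    }

    // If the resolved file lives under the web root, it is not private:
    // a browser could request it directly. Refuse it. (PHP 8 str_starts_with)
    if (str_starts_with($resolved, $rootReal . DIRECTORY_SEPARATOR)) {
        return null;
    }

    return $resolved;
}

// Usage from a public page such as /var/www/html/index.php. DOCUMENT_ROOT is
// set by the web server; __DIR__ is the fallback when run from the command line.
$webRoot = $_SERVER['DOCUMENT_ROOT'] ?: __DIR__;
$path = privateIncludePath('private.inc', $webRoot);

if ($path === null) {
    http_response_code(500);
    exit('private.inc is missing or is not outside the web root');
}

require $path;
```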

Translated from: https://thenewcode.com/1010/Safeguard-Site-Files-by-Placing-Them-Above-the-Web-Root
