怎样禁止访问tomcat目录下的某些文件？？

Posted 2023-04-23

只想让用户访问jsp或html文件，其他的文件如js和images之类的目录不能访问，怎样做啊？
linux呢？

参考技术A 这个，应该是文件夹权限问题，楼上说的对，补充一点就是用户不能是管理员权限，用户进你的电脑只能是用来宾权限，这样你用管理员权限就可以给他设置访问禁止 参考技术B 资源管理器里右键点击要禁止的文件，菜单里选属性，出来的对话框上有个安全，选中安全页，中间有用户权限设置，设置禁止读写就好了本回答被提问者采纳

[nginx]禁止访问目录下的某些扩展名文件

nginx.conf配置文件

http ->多个server -> 多个location ->可限制目录和文件访问(根据i扩展名限制或者rewrite.)

根据目录或扩展名，禁止用户访问指定数据信息

禁止访问目录下的某些扩展名文件

这次我测一下,禁止访问网站目录下的 html/images/*.txt文件

[root@n1 nginx]# tree html/
html/
├── 50x.html
├── images
│   └── maotai.txt
└── index.html

• 默认是允许访问的,http://192.168.2.11/images/maotai.txt

• 设置禁止访问

location ~ ^/images/.*\\.(txt|php|php5|sh|pl|py|html)$
{
    deny all;
}

• 日志查看

- access.log: 允许访问
192.168.2.1 - - [11/Mar/2018:10:58:06 +0800] "GET /images/maotai.txt HTTP/1.1" 200 7 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"

- access.log: 禁止访问
192.168.2.1 - - [11/Mar/2018:10:59:10 +0800] "GET /images/maotai.txt HTTP/1.1" 403 563 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"

- error.log
2018/03/11 10:59:10 [error] 28357#0: *16 access forbidden by rule, client: 192.168.2.1, server: localhost, request: "GET /images/maotai.txt HTTP/1.1", host: "192.168.2.11"

附录: nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   html;
            index  index.html index.htm;
        }
        location ~ ^/images/.*\\.(txt|php|php5|sh|pl|py|html)$
        {
            deny all;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

当访问禁止的数据信息时，进行页面跳转(rewrite)

访问http://www.maotai.com/images/1.png -> http://www.baidu.com/images/1.png

        location ~* \\.(txt|doc)$ {
            if (-f $request_filename){
                root html/images/;
                #rewrite …..可以重定向到某个URL
                rewrite ^/(.*) http://www.baidu.com/$1 permanent;
                break;
            }
        }

根据IP地址或网络进行访问策略控制

location / { 
    deny 192.168.1.1;
    allow 192.168.1.0/24;
    allow 10.1.1.0/16;
    deny all;
}

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }
        location ~* \\.(txt|doc)$ {
            if (-f $request_filename){
                root html/images/;
                #rewrite …..可以重定向到某个URL
                rewrite ^/(.*) http://www.nmtui.com/$1 permanent;
                break;
            }
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

采用if判断方式，进行访问控制

        if ($remote_addr = 192.168.2.1) {
            return 403;
        }

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;

        location / {
            root   html;
            index  index.html index.htm;
        }
        if ($remote_addr = 192.168.2.1) {
            return 403;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}