��权限没有,则隐藏 function forum_list_access_filter($forumlist, $gid, $allow = 'allowread') { global $grouplist; if (empty($forumlist)) return array(); if (1 == $gid) return $forumlist; $forumlist_filter = $forumlist; $group = $grouplist[$gid]; foreach ($forumlist_filter as $fid => $forum) { if (empty($forum['accesson']) && empty($group[$allow]) || !empty($forum['accesson']) && empty($forum['accesslist'][$gid][$allow])) { unset($forumlist_filter[$fid]); } unset($forumlist_filter[$fid]['accesslist']); } return $forumlist_filter; } function forum_filter_moduid($moduids) { $moduids = trim($moduids); if (empty($moduids)) return ''; $arr = explode(',', $moduids); $r = array(); foreach ($arr as $_uid) { $_uid = intval($_uid); $_user = user_read($_uid); if (empty($_user)) continue; if ($_user['gid'] > 4) continue; $r[] = $_uid; } return implode(',', $r); } function forum_safe_info($forum) { //unset($forum['moduids']); return $forum; } function forum_filter($forumlist) { foreach ($forumlist as &$val) { unset($val['brief'], $val['announcement'], $val['seo_title'], $val['seo_keywords'], $val['create_date_fmt'], $val['icon_url'], $val['modlist']); } return $forumlist; } function forum_format_url($forum) { global $conf; if (0 == $forum['category']) { // 列表URL $url = url('list-' . $forum['fid'], '', FALSE); } elseif (1 == $forum['category']) { // 频道 $url = url('category-' . $forum['fid'], '', FALSE); } elseif (2 == $forum['category']) { // 单页 $url = url('read-' . trim($forum['brief']), '', FALSE); } if ($conf['url_rewrite_on'] > 1 && $forum['well_alias']) { if (0 == $forum['category'] || 1 == $forum['category']) { $url = url($forum['well_alias'], '', FALSE); } elseif (2 == $forum['category']) { // 单页 $url = ($forum['threads'] && $forum['brief']) ? url($forum['well_alias'] . '-' . trim($forum['brief']), '', FALSE) : url($forum['well_alias'], '', FALSE); } } return $url; } function well_forum_alias() { $forumlist = forum_list_cache(); if (empty($forumlist)) return ''; $key = 'forum-alias'; static $cache = array(); if (isset($cache[$key])) return $cache[$key]; $cache[$key] = array(); foreach ($forumlist as $val) { if ($val['well_alias']) $cache[$key][$val['fid']] = $val['well_alias']; } return array_flip($cache[$key]); } function well_forum_alias_cache() { global $conf; $key = 'forum-alias-cache'; static $cache = array(); // 用静态变量只能在当前 request 生命周期缓存,跨进程需要再加一层缓存:redis/memcached/xcache/apc if (isset($cache[$key])) return $cache[$key]; if ('mysql' == $conf['cache']['type']) { $arr = well_forum_alias(); } else { $arr = cache_get($key); if (NULL === $arr) { $arr = well_forum_alias(); !empty($arr) AND cache_set($key, $arr); } } $cache[$key] = empty($arr) ? '' : $arr; return $cache[$key]; } ?>htaccess - Wordpress: Adding Security
最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

htaccess - Wordpress: Adding Security

programmeradmin6浏览0评论

Regarding this answer, is correct to add the file debug.log in this way?

RewriteRule (?:debug|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html|log?) - [R=404,NC,L]

Kind Regards

Regarding this answer, is correct to add the file debug.log in this way?

RewriteRule (?:debug|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html|log?) - [R=404,NC,L]

Kind Regards

Share Improve this question asked Oct 5, 2020 at 14:57 Ponzio PilatoPonzio Pilato 1111 bronze badge 2
  • 1 "is correct to add the file debug.log in this way?"- Do you mean in terms of modifying that directive? Well, it depends on exactly what you are trying to achieve. If you simply want to "hide" debug.log from HTTP access then that directive arguably does too much. Since there are no anchors on the regex it could potentially conflict with valid URLs - depending on where you place the directive in your .htaccess file. Then again, it could do exactly what you require. – MrWhite Commented Oct 5, 2020 at 16:28
  • Yes, basically debug.log, but without deny, with 404. May you suggest me a rule less "too much" please? – Ponzio Pilato Commented Oct 5, 2020 at 16:30
Add a comment  | 

1 Answer 1

Reset to default 1

Yes, basically debug.log, but without deny, with 404

Yes, that directive will serve a "404 Not Found" when attempting to request debug.log.

|log?

However, because of the ? in the above regex, it will also block debug.lo. Is that intentional? In fact, if that is intentional then you could simply remove the g? part - since it serves no purpose. But if not, then remove the trailing ? to match debug.log only.

However, it also potentially blocks any URL that simply contains debug.log in the URL-path (since there are no anchors ^ or $ or word boundaries on the regex). For example, the following innocent URL(s) will also be blocked if the directive appears before the WordPress front-controller:

/what-is-the-meaning-of-debug.log-on-my-filesystem
/are-changelog.md-files-really-necessary

(Should you have articles with such a title/slug.)

For this reason, this directive should probably be located at the end of the .htaccess file, after the WordPress front-controller, so that you only block access to physical files. This will also be marginally more efficient.

[R=404,NC,L] - minor point... the L flag is not strictly required here. L is implied when specifying a non-3xx return code.


To simply block (with a 404) requests for debug.log (all lowercase) in the document root only then the following would be sufficient:

RewriteRule ^debug\.log$ - [R=404]
发布评论

评论列表(0)

  1. 暂无评论