日期:2014-05-16  浏览次数:20811 次

Apache和Tomcat限制文件访问或下载

Apache,在http.conf中的<Directory >里面加入

<FilesMatch "pattern">
   Order Deny,Allow
   Deny from all
</FilesMatch>

?

Tomcat,在web.xml里加入

<security-constraint>
<display-name>HelloApp Configuration Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/pattern</url-pattern> <!--可在这里设置要被限制的文件夹-->
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
</auth-constraint>
</security-constraint>
?