英文:
Prevent Directory Listing in Go Public Folder
问题
我正在使用nginx后面的go,我的公共文件夹有点太公开了:
func main() {
defer db.Close()
// 公共目录是 /public
fs := http.FileServer(http.Dir("public"))
http.Handle("/public/", http.StripPrefix("/public/", fs))
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {..
如果访问者只是输入了mydomain/public,它可以访问整个公共文件夹并查看所有文件。我希望保持对文件的访问开放(显然),但是如果您只输入/public或/public/images,我想删除目录列表,所以例如/public/css/main.css可以工作,但不是/public/或/public/css。
英文:
I am using go behind nginx and my public folder is well..a bit too public:
func main() {
defer db.Close()
// public dir is /public
fs := http.FileServer(http.Dir("public"))
http.Handle("/public/", http.StripPrefix("/public/", fs))
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {..
If the visitor just types mydomain/public it can access the whole public folder and. see all the file. I would like to keep the access to the files open (obviously) but I want to remove the directory listing if you just type /public or /public/images
so e.g. /public/css/main.css would work but not /public/ or /public/css
答案1
得分: 2
你可以实现一个自定义中间件,如果路径有尾部斜杠(即它是一个目录),则返回404。
func intercept(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasSuffix(r.URL.Path, "/") {
http.NotFound(w, r)
return
}
next.ServeHTTP(w, r)
})
}
func main() {
defer db.Close()
// public dir is /public
fs := http.FileServer(http.Dir("public"))
http.Handle("/public/", http.StripPrefix("/public", intercept(fs)))
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {...}
...
}
此外,对于没有尾部斜杠的任何目录的请求将被重定向以接收404响应。
英文:
You can implement a custom middleware to return 404 if path has a trailing slash (ie if it's a directory).
func intercept(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasSuffix(r.URL.Path, "/") {
http.NotFound(w, r)
return
}
next.ServeHTTP(w, r)
})
}
func main() {
defer db.Close()
// public dir is /public
fs := http.FileServer(http.Dir("public"))
http.Handle("/public/", http.StripPrefix("/public", intercept(fs)))
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {...}
...
}
Also, requests for any directory without the trailing slash will be redirected to receive 404 response.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论