Apache和Tomcat限制文件访问或下载

Apache，在http.conf中的<Directory >里面加入

<FilesMatch "pattern">   Order Deny,Allow   Deny from all</FilesMatch>

?

Tomcat，在web.xml里加入

<security-constraint><display-name>HelloApp Configuration Security Constraint</display-name><web-resource-collection><web-resource-name>Protected Area</web-resource-name><!-- Define the context-relative URL(s) to be protected --><url-pattern>/pattern</url-pattern> <!--可在这里设置要被限制的文件夹--></web-resource-collection><auth-constraint><!-- Anyone with one of the listed roles may access this area --></auth-constraint></security-constraint>