有没有办法强制阿帕奇返回404,而不是403? [英] Is there a way to force apache to return 404 instead of 403?
问题描述
有没有一种方法,我怎么可以配置Apache Web服务器返回404(未找到)错误code,而不是403(禁止)为此,我希望禁止进行访问一些特定的目录?
Is there a way how I can configure the Apache web server to return a 404 (not found) error code instead of 403 (forbidden) for some specific directories which I want to disallow to be accessed?
我找到了一些解决方案,暗示使用mod_rewrite的,例如像
I found some solutions suggesting the use of mod_rewrite, like e.g.
RewriteEngine On
RewriteRule ^.*$ /404 [L]
由于发送404代替403的目的是进行模糊处理的目录结构,这种解决方案是太暴露,因为它重定向到一些不同的位置,这使得它明显最初访问的目录是否确实存在。
As the purpose of sending 404 instead of 403 is to obfuscate the directory structure, this solution is too revealing, because it redirects to some different location which makes it obvious that the directory originally accessed does in fact exist.
推荐答案
RedirectMatch 404 ".*\/\..*"
做的伎俩,禁止访问所有文件或启动以点目录,给人一种404 Not Found错误。
does the trick, it prohibits access to all files or directories starting with a dot, giving a "404 Not Found" error.
从Apache的手动道:重定向[赛事]指令通过询问客户端重新获取新位置的资源映射一个老的URL为一个新的。默认情况下,重定向发送302回报code,但它可以还返回其他状态codeS如上图所示。
From the Apache manual: "The Redirect[Match] directive maps an old URL into a new one by asking the client to refetch the resource at the new location." By default, Redirect sends a 302 return code, but it can also return other status codes as shown above.
这篇关于有没有办法强制阿帕奇返回404,而不是403?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
