htaccess的重定向以.php结尾指数的任何URL [英] htaccess redirect any urls ending in .php to index
问题描述
我已经设置了我的.htaccess到目前为止如下:
I've set up my .htaccess so far as follows:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [QSA]
我的index.php文件加载从/页,如文件。的index.php?网页=家庭将加载的网页/ home.php页面内容
My index.php loads the file from /pages, eg. index.php?page=home will load the page content from pages/home.php
然而 - 如果有人去页/ home.php页面加载而不标题等,它们是不希望的。我可以添加到重定向.php结尾的任何网址,只需将用户带到主页?
However - if someone went to pages/home.php the page loads without the headers etc. which is undesirable. What can I add to redirect any URLs ending in .php to just take the user to the homepage?
感谢
推荐答案
一个单独的重写规则(无文件存在条件) ^(。*)\。PHP $
应工作。但是,为什么人们试图直接访问的.php?如果没有一个很好的理由,一个拒绝在该目录可能是一个更好的选择。
A separate RewriteRule (without file exists condition) for ^(.*)\.php$
should work. But why are people trying to access the .php directly? If there isn't a good reason, a Deny in the directory is probably a better bet.
(而且,正如@col,弹片意见,谨防包括注射。我希望你过滤你的页面名称很好。)
(And, as @Col. Shrapnel comments, beware include injection. I hope you're filtering your page names well.)
编辑:包括注:试想,如果有人给你一个有趣的网页名称会发生什么,如页= HTTP://foo.com/exploit
,将你的脚本运行?那么页= / etc / passwd文件
或页= / .. / .. / .. / etc / passwd文件
,将打印出来的密码文件? 页=`mysqldump的...`
,你会给你的数据库的副本?
edit: include injection: Consider what happens if someone gives you an interesting page name, such as page=http://foo.com/exploit
, will your script run it? What about page=/etc/passwd
or page=/../../../etc/passwd
, will you print out the password file? page=`mysqldump …`
, will you give a copy of your database?
这篇关于htaccess的重定向以.php结尾指数的任何URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!