htaccess的重定向以.php结尾指数的任何URL [英] htaccess redirect any urls ending in .php to index

问题描述

我已经设置了我的.htaccess到目前为止如下：

I've set up my .htaccess so far as follows:

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [QSA]

我的index.php文件加载从/页，如文件。的index.php？网页=家庭将加载的网页/ home.php页面内容

My index.php loads the file from /pages, eg. index.php?page=home will load the page content from pages/home.php

然而 - 如果有人去页/ home.php页面加载而不标题等，它们是不希望的。我可以添加到重定向.php结尾的任何网址，只需将用户带到主页？

However - if someone went to pages/home.php the page loads without the headers etc. which is undesirable. What can I add to redirect any URLs ending in .php to just take the user to the homepage?

感谢

推荐答案

一个单独的重写规则（无文件存在条件） ^（。*）\。PHP $ 应工作。但是，为什么人们试图直接访问的.php？如果没有一个很好的理由，一个拒绝在该目录可能是一个更好的选择。

A separate RewriteRule (without file exists condition) for ^(.*)\.php$ should work. But why are people trying to access the .php directly? If there isn't a good reason, a Deny in the directory is probably a better bet.

（而且，正如@col，弹片意见，谨防包括注射。我希望你过滤你的页面名称很好。）

(And, as @Col. Shrapnel comments, beware include injection. I hope you're filtering your page names well.)

编辑：包括注：试想，如果有人给你一个有趣的网页名称会发生​​什么，如页= HTTP：//foo.com/exploit ，将你的脚本运行？那么页= / etc / passwd文件或页= / .. / .. / .. / etc / passwd文件 ，将打印出来的密码文件？ 页=`mysqldump的...`，你会给你的数据库的副本？

edit: include injection: Consider what happens if someone gives you an interesting page name, such as page=http://foo.com/exploit, will your script run it? What about page=/etc/passwd or page=/../../../etc/passwd, will you print out the password file? page=`mysqldump …`, will you give a copy of your database?

这篇关于htaccess的重定向以.php结尾指数的任何URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！